Hackers from the Middle East recently claimed to have compromised Bank of America's website, leading to slow loading times and possible outages. The attackers claimed to be from the "Cyber fighters of Izz ad-din qassam" – the digital wing of Hamas. The group's post to online forums also suggested that a similar attack would be carried out against the New York Stock Exchange, though no such assault has occurred.
The hackers expressed disgust in regard to "Innocence of Muslims," an amateur film on YouTube that satirizes the prophet Muhammad. The cybercriminals placed heavy blame on overtly capitalist organizations in the United States, such as banks and other financial institutions.
As recent events have showcased, the initial claims of hacktivist groups can't always be trusted. InformationWeek columnist Michael Endler highlighted the GoDaddy outage as an example. Despite hackers claiming responsibility, it was later discovered to be caused by several technical issues. However, the possibility that the attackers' claims are legitimate has not been ruled out.
Bill Pennington, chief strategy officer at WhiteHat Security, told InformationWeek that the Bank of America incident could have been caused by a distributed denial of service (DDoS) attack.
According to Pennington, the use of botnets makes DDoS attacks easy to orchestrate and affordable even for amateur hackers. The Internet security arena can be further complicated when such an assault makes headlines. This often encourages other malicious programmers or even hacktivist groups to carry out more attacks, making it a significant challenge to identify which parties are responsible.
U.S. banks on high alert
Several other U.S. financial organizations have reported website outages or sluggish performance. The Financial Services – Information Sharing and Analysis Center (FS-ISAC) posted an announcement on September 19, warning that it had raised its cyber threat level to "high" due to a series of attacks, one of which targeted J.P. Morgan Chase. The FS-ISAC also warned of a zero-day exploit in Microsoft's Internet Explorer
"Members should maintain a heightened level of awareness, apply all appropriate updates and update [antivirus] and IDS/IPS signatures, and ensure constant diligence in monitoring and quick response to any malicious events," the website stated.
Although many organizations tighten Internet security breaches after a high-profile incident makes headlines, the FS-ISAC's advice is sound to follow throughout the year, as Microsoft isn't the only software company that has been busy patching zero-day exploits. Such a threat was uncovered in Java last month and was quickly delivered to opportunistic hackers via the Blackhole exploit kit.
Security News from SimplySecurity.com by Trend Micro