According to a CSO Online article, Prolexic Technologies identified the distributed denial of service (DDoS) attacks against several online banking institutions including Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase as a toolkit called itsoknoproblembro. The attackers who identified themselves Izz ad-Din al-Qassam Cyber Fighters, claim to be muslim hacktivists angry over the YouTube video that has recently sparked controversy regarding its portrayal of Muhammad.
According to Prolexic:
The “itsoknoproblembro” toolkit is capable of simultaneously attacking components of a website’s infrastructure and application layers, flooding the targets with sustained traffic peaking at 70 gigabits per second. In addition, Prolexic found that traffic signatures were unusually complex and therefore difficult to reroute away from the targets.
The vendor, which declined to name the banks whose sites it tracked, said the attackers likely spent months probing the sites for the components most susceptible to a DDoS assault. They also were knowledgeable in the technology used to mitigate such attacks.
“From a DDoS perspective, they are on the level of a Stuxnet type of attack,” said Scott Hammack, chief executive of Prolexic.
This recent hack should drive home that attacks against business will become more complex over time and that it is necessary to re-evaluate risk levels and the associated mitigation/defense strategies deployed. Security is a life-cycle that needs to be re-evaluated on a regular basis to adapt to the shifting landscape.