CyberSecurity Institute

A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters took responsibility for the American Express attack, as it has for other attacks on banks and financial services organizations. Third party analysis of the attacks on American Express and other banks suggest that those behind the operation are well-funded and sophisticated: leveraging networks of compromised web servers to host attacks and using sophisticated tools to target weak points in public facing banking and business applications.

In February, the website Krebsonsecurity reported that Bank of the West was the victim of a large denial of service attack that acted as cover for unauthorized transfers from one of the bank’s commercial customers that totaled $900,000.

However, Citi has been hampered in its investigation by a lack of reliable data, constrained funding and a dearth of forensic and case management tools to analyze it, she said.

The bank has plenty of security software and hardware, and relies heavily on its security information management (SIM) systems, but the focus is still on protecting Citi’s network from external threats or removing threats, not analyzing activity within the network to spot malicious or suspicious goings on. Activity due to malware or phishing attacks and lateral movement on the network characteristic of so-called “advanced persistent threats” can be difficult to spot with current tools, she said.

Out of 100 countries, Older estimated that only 50 have laws that allow Citi to look at the kinds of specific data on IP addresses, logins and other data that’s necessary to conduct a proper investigation. “We have cases where we know there’s malware there, and we know an investigation happened, but we can’t get the data back,” Older said. “I think it would benefit us greatly if we could get past that and find a way to be sensitive to privacy regulations in a way that also lets us get meaningful data.”

Link: http://securityledger.com/the-new-normal-wednesday-is-ddos-day-at-citigroup/

.”These banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them,” he said.

Adam Schiff, D-Calif., a senior member of the House Intelligence Committee, told NBC News Wednesday that the FBI and “other law enforcement agencies are following up aggressively to identify the responsible parties” of the attacks. “Our computer networks are the subject of daily assault by hostile hackers, both state sponsored and independent, who hope to obtain confidential information for economic gain, to test our defenses, or simply because they can,” Schiff said.

Rogers, who is pushing for the passage of the Cyber Intelligence Sharing and Protection Act, H.R.624, says that the federal government is “trying to share cyber threat information with these banks to help them get ahead of these attacks. He said, “needs to pass bipartisan information sharing legislation to knock down those barriers, so that American companies can protect their computer networks and the valuable intellectual property and personal customer information that resides on them.”

Doug Johnson, the American Bankers Association’s vice president of risk management policy, told NBC News that the attacks “have been intensifying since October and we expect them to continue.

Link: http://www.nbcnews.com/technology/technolog/cyberattacks-banks-signal-urgent-need-security-bill-lawmakers-say-1C9202532

“The biggest change is the maintenance and the growth in the botnet,” Dan Holden, director of Arbor Networks’ Security Engineering and Response Team explained for Ars Technica.

And they’ve added some twists and techniques to their tools as time goes on, focusing their attacks more on the particular applications of the banks they’re targeting.

And while the attacks bring huge losses to the targeted institutions – whether it’s because the customers can’t access their accounts for days at the time, because the hackers or other cyber crooks might have used the DDoS attacks as a cover for fraudulent transaction, or because of the preventative measures they had to undertake to protect their websites – the cost for the attackers is thought to be also considerable.

Considering the effort and hours it takes to maintain the attack botnets, and the continuing refinement of the attacks, Holden believes that it couldn’t be done without financial backing.

Link; http://www.net-security.org/secworld.php?id=14691