{"id":382,"date":"2013-04-04T00:00:00","date_gmt":"2013-04-04T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/04\/04\/the-new-normal-wednesday-is-ddos-day-at-citi\/"},"modified":"2021-12-30T11:37:10","modified_gmt":"2021-12-30T11:37:10","slug":"the-new-normal-wednesday-is-ddos-day-at-citi","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/04\/04\/the-new-normal-wednesday-is-ddos-day-at-citi\/","title":{"rendered":"The New Normal: Wednesday Is DDoS Day At Citi"},"content":{"rendered":"<p>Speaking on Wednesday at an event hosted by Purdue University, Mamani Older told an audience at CERIAS 2013 that massive distributed denial of service \u2013 or DDoS &#8211; attacks have become &#8220;business as usual&#8221; for Citi, and that those launching the attacks have fallen into a predictable schedule of attacks. Just this week, American Express said that it, too, has been targeted by DDoS attacks, which harness infected or cloud-based systems around the globe to flood public-facing systems with junk traffic, slowing down response times severely, or knocking the Web sites offline.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters took responsibility for the American Express attack, as it has for other attacks on banks and financial services organizations. 
Third-party analysis of the attacks on American Express and other banks suggests that those behind the operation are well-funded and sophisticated: leveraging networks of compromised web servers to host attacks and using sophisticated tools to target weak points in public-facing banking and business applications.<\/p>\n<p style=\"margin: 0px;\">In February, the website KrebsOnSecurity reported that Bank of the West was the victim of a large denial of service attack that acted as cover for unauthorized transfers from one of the bank&#8217;s commercial customers that totaled $900,000.<\/p>\n<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">However, Citi has been hampered in its investigation by a lack of reliable data, constrained funding and a dearth of forensic and case management tools to analyze it, she said.<\/p>\n<p style=\"margin: 0px;\">The bank has plenty of security software and hardware, and relies heavily on its security information management (SIM) systems, but the focus is still on protecting Citi&#8217;s network from external threats or removing threats, not analyzing activity within the network to spot malicious or suspicious goings-on. Activity due to malware or phishing attacks and lateral movement on the network characteristic of so-called &#8220;advanced persistent threats&#8221; can be difficult to spot with current tools, she said.<\/p>\n<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">Out of 100 countries, Older estimated that only 50 have laws that allow Citi to look at the kinds of specific data on IP addresses, logins and other data that&#8217;s necessary to conduct a proper investigation. &#8220;We have cases where we know there&#8217;s malware there, and we know an investigation happened, but we can&#8217;t get the data back,&#8221; Older said. 
&#8220;I think it would benefit us greatly if we could get past that and find a way to be sensitive to privacy regulations in a way that also lets us get meaningful data.&#8221;<\/p>\n<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">Link: <a href=\"http:\/\/securityledger.com\/the-new-normal-wednesday-is-ddos-day-at-citigroup\/\">http:\/\/securityledger.com\/the-new-normal-wednesday-is-ddos-day-at-citigroup\/<\/a><\/p>\n<p><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-382","post","type-post","status-publish","format-standard","hentry","category-financial"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=382"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/382\/revisions"}],"predecessor-version":[{"id":2869,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/382\/revisions\/2869"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\
/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}