By: Edith Allen
The latest cyberattacks on U.S. financial institutions are aggressive campaigns with sophisticated software and powerful tactics. A string of attacks started in September and sent dozens of U.S. banks offline. The attacks cost millions of dollars, but they also presented new elements of destructive potential. According to a March 29 article in the New York Times, the attacks have escalated from denial of service and data theft to actual data destruction. There are also rising concerns that foreign governments are behind the attacks.
The attackers are not mere distributed denial of service (DDoS) operators who infect thousands of computers and instruct them to slow websites to a halt. The new attackers demonstrate military grade sophistication and power. The attacks are destructive to the point where they are becoming more like cyber warfare.
Alan Paller is the director of research at the SANS cyber security training organization. He said, “The attacks have changed from espionage to destruction. Nations are actively testing how far they can go before we will respond.”
The latest U.S. attack came on Thursday and took American Express offline for two hours. According to a March 28 New York Times article, customers tried to access to their online accounts, but were greeted by blank screens or “an ominous ancient type face”. American Express confirmed the attack.
Another attack took JPMorgan Chase offline earlier this month. Last week, more cyber attacks disabled 32,000 bank and television network computers in South Korea. Last year, a particularly destructive cyber attack actually destroyed data on 30,000 Saudi Aramco computers. The attackers replaced the Saudi Aramco data with the image of a burning American flag.
Governments are taking more of the blame for increasingly powerful and heavily resourced attacks. As an example, a group called Izz ad-Din al-Qassam Cyber Fighters took credit for last year’s attacks on Wells Fargo and Bank of America. The group claimed the attacks were a protest against the anti-Islamic video that was posted on YouTube last fall. Experts, however, are not buying it. They are sure that the Iranian government sponsored the group and the attack. In another example, North Korea is a chief suspect in cyber attacks on South Korea and South Korea is suspected of attacks on its neighbor to the north. APT1 is a unit of the Chinese People’s Liberation Army. Investigators said that APT1 is responsible for over 141 cyber attacks on U.S. interests.
The ultimate issue is that it takes a government to do battle with another government, even when that battle is in cyberspace. U.S. corporations and banks are sometimes reluctant to even confirm they have been attacked and they oppose giving the U.S. government access to their most sensitive systems and data. That will have to change if U.S. businesses want government protection against cyber attacks that could escalate into government sponsored cyber warfare.