As Regions' Site Goes Dark, Banks Need to Take Cyber Attacks More Seriously

Bank hacktavists are at it again, and this time Regions Financial (NYSE: RF  ) was the target. The large regional bank's website was down part of the day last Friday, and the bank confirmed that it had been the victim of a distributed denial of service (DDoS) attack. Online customers were unable to access their accounts, or if they could, found that their login information or debit card transactions were being denied.

Although Region's site seemed to be up and running by late Friday, these kinds of attacks are becoming the norm, and are striking regional banks more often. Are banks truly taking these attacks seriously, and what are they doing to protect themselves?

How dangerous?
Cyber attacks on websites, particularly the DDoS-type of disruption, first began in 2001. Back then, sites like eBay (NASDAQ: EBAY  ) and Yahoo! (NASDAQ: YHOO  ) were targeted, possibly in an attempt to disrupt e-commerce. Since then, groups like Izz ad-Din-as-Qassam or groups tied to the Iranian government have staged assaults on the websites of big banks like Bank of America (NYSE: BAC  ) , Wells Fargo (NYSE: WFC  ) , and Citgroup (NYSE: C  ) , as well as large regionals such as BB&T (NYSE: BBT  ) and PNC Financial.

While these service interruptions are considered inconvenient for customers and costly to banks, it is unclear just how important it is to banks to fight these onslaughts. When American Banker surveyed banks at the end of the first quarter, only slightly over 50% responded that such attacks were a critical threat to the financial system's security.

Recently, al-Qassam reemerged after a break, threatening more mayhem. American Banker quoted an analyst from Intuit (NASDAQ: INTU  ) , a business and financial software provider, as noting that DDoS attacks "have less of an impact" on banks' business than those designed to hide more nefarious cyber activities. Another analyst from NSS Labs, an information and security research and advisory firm, stated that DDoS assaults in and of themselves don't really cost banks much, though they are inconvenient for customers.

Of course, banks can't know when an attack is merely disruptive, and when it may be covering for criminal activity. Security company Symantec (NASDAQ: SYMC  ) has commented that these assaults have become a way for hackers to distract banks while funds are illegally withdrawn. Though most of the thefts have occurred in Europe, where attacks have progressed from website outages to actual bank heists, at least one U.S. bank, Citigroup, disclosed some losses due to cyber thievery earlier this year.

Banks, regulators at odds
But even DDoS website disruptions can frustrate customers, chipping away at the trust between banks and consumers -- which is the very intention of al-Qassam. 

Though banks have thrown millions of dollars at the problem, it continues unabated. Recently, federal regulators have been nudging banks to do a better job at preventing these assaults, causing bankers to bristle. After all, they say, when countries like Iran are behind these attacks, shouldn't the government pitch in to help?

The recent Quantum Dawn 2 test, administered by the Securities Industry and Financial Markets Association and involving 50 financial entities, attempted to test banks' responses to these assaults. Though it was declared a success, it tested only human reactions to a simulated threat, not the security of the financial system's cyber infrastructure.

Some of the larger banks are becoming more concerned about the dangers of cyber assaults, and Wells Fargo has acknowledged that DDoS attacks are likely a method for hackers to test banks' security before more sophisticated onslaughts take place. With that kind of threat looming, banks need to bump up staffing, as well as network security, according to regulators. JPMorgan Chase  (NYSE: JPM  ) , for instance, has over 600 workers that are trained specifically in security issues -- and plans to add more.

All of this costs money, but there seems to be no alternative, and time is of the essence: al-Qassam has vowed to launch a new offensive very soon. Banks need to take these DDoS incidents more seriously before these attacks evolve into outright robbery.

What macro trend was Warren Buffett referring to when he said "this is the tapeworm that's eating at American competitiveness"? Find out in our free report: "What's Really Eating at America's Competitiveness." You'll also discover an idea to profit as companies work to eradicate this efficiency-sucking tapeworm. Just click here for free, immediate access.


Read/Post Comments (1) | Recommend This Article (2)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On July 30, 2013, at 12:28 PM, BEYONDENGLISH wrote:

    For me this is just a bunch of blah, blah, blah!!! BS lies and whatever else that stinks to high heaven!!! First "oh my they're attacking our systems we must shut down and call for a bank holiday on Thursday or Friday afternoon so nobody can do a bank run on us" Because it's a cyber attack the ATMs won't work either lol hahahaha sucker!!! All I can say is Cypress!!! If you all fall for this scheme you deserve to have your money taken away from you. I used to work in Corp. Citibank and let me tell you they will take your money any way they can. The min. you hear "Bank holiday" on a Friday it's too late. Check on the people of Cypress, their savings up to date has been robed by 46% that's almost half of the peoples hard earned money gone. Now I'm glad my money isn't in the USA banks because when this happens and it will happen. A lot of people will be outraged and you think they'll do simple bank robberies, no way I'm betting that a slew of people will go on a blind killing spree in the banks. People are barley surviving as it is and if the bankers try to pull this heist off then those people will be pushed off the edge and have nothing to lose. I'm sure some people will set fire to the bank buildings which I don't condone in any way!!! I also don't condone violence!!! All you sheeple need to remember is that there's power in numbers or "strength in numbers" The bankers are only a small group of people and you are a large over whelming group of people that they want to control. They are afraid of you and your numbers and they can be stopped but you all have to get along with each other first about race and differences because they want you all divided on different issues. Once you're all together they know they have lost. You'll have a big mess to clean up as far as the financial system is concerned but it can be done. The first thing that needs to be done is QUIT TALKING AND COMPLAINING!!!!!!!!!!!!!!!! Get off of your lazy fat rear ends and start putting people in jail and I do mean put them in prison!!!! The top hierarchy of people controlling the system ie. Rothschild, Rockefeller, and so on. Also the Bankers like Goldman Sachs and other big names that got part off the bailout grab. Oh yeah don't forget the Federal Reserve which is a private bank and the IRS they work hand in hand. Remember NO violence!!!!! Do this as educated and civilized human beings!!! These people are like the family alcoholic or drug addict or prescription addict. They are addicted to greed and false sense of power. You gave them the power by doing nothing. So this is not their fault it's the people of the USA's fault!!!! You're all asleep and you don't want to wake up!!! so of course they're going to take what they can because you all allow it to happen, you do nothing to stop it!!!!

Add your comment.

DocumentId: 2564424, ~/Articles/ArticleHandler.aspx, 4/19/2014 9:15:06 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement