Supporting terrorist groups worldwide is a very bad thing. Killing your own people when they publicly oppose the existing government is a very bad thing. Building a nuclear weapon and threatening to annihilate your neighbors is a very bad thing. Having a president who wears a bomber jacket, sports a three-day growth of beard, and goes by a moniker that sounds like "I'm-A-Major-Whack-Job" is a very bad thing. However, launching denial-of-service attacks on bank webistes is beyond the pale.
The website glitches and outages that affected Bank of America and Chase last week are rumored to be just that sort of attack. In fact, financial fraud sources say both banks were hit with denial-of-service attacks likely backed by Iran.
Experts say banks better brace themselves, and they're right. With the U.S. election approaching, institutions can count on more DDoS attacks sponsored by nation-states.
Nation "states"? It sounds one nation "state" to me. I suppose this is to be expected from a government with whom this country and its ally, Israel, have been waging an undeclared war that, according to some sources, includes the introduction of destructive computer viruses into Iranian computer systems and the delivery of bullets to the heads of Iranian scientists.
The experts were correct about banks bracing themselves for further attacks, because following the date the above-linked blog post was posted, Wells Fargo was also hit. What are banks supposed to do?
A fraud alert issued Sept. 17 by FS-ISAC, the Federal Bureau of Investigation and the Internet Crime Complaint Center, suggests 17 steps institutions should take to mitigate risks posed by cyberthreats...
Among those steps:
- Educate employees about phishing e-mails and suspicious attachments;
- Monitor site traffic spikes, which could indicate a DDoS attack;
- Limit employees' ability to remotely access internal networks and work-related e-mails from personal devices.
"Traditional preventive measures, such as bandwidth over-provisioning, firewalls and intrusion prevention systems, continue to provide some protection. However, traditional measures are ineffective against today's DDoS attacks," the FS-ISAC says, calling for the use of layered defenses.
Banks and credit unions should ensure that their tellers and other branch personnel are well-educated about all the security steps the organization is taking and can communicate that information clearly to customers.
As if banks didn't have enough to do merely trying to survive the terror imposed by the CFPB. Now they have to deal with cyber-terror launched by a nation whose leaders make even Liz Warren seem rational in comparison.