Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:11 AM
Connect Directly

Bank Group Warns of Heightened Risk of Cyber Attacks

A financial services industry group warned U.S. banks, brokerages and insurers on Wednesday to be on heightened alert for cyber attacks after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites.

The move by FS-ISAC came just two days the FBI published a "fraud alert" advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers. ()

"Often these DDoS attacks are part of a more sophisticated blended threat - One that utilizes DDoS as a diversion for more complex, difficult to detect techniques with the intention to extract customer data or financial information," said Holden of Arbor Networks.

An FBI spokeswoman declined to say if the tactics cited in the fraud alert were related to the problems experienced by the two banks.

On Wednesday the consumer banking website of JPMorgan Chase & Co was intermittently unavailable to some customers. The problems followed issues with the website of Bank of America Corp on Tuesday amid threats on the Internet that a group was planning to launch cyber attacks on a U.S. bank.

JPMorgan Chase spokesman Patrick Linehan said: "We're experiencing intermittent issues with We apologize for any inconvenience and are working to restore full connectivity."

A Bank of America spokesman reported no continuing problems on Wednesday. "Our online banking services have been, and are, up and running," Mark Pipitone said. "The vast majority of our customers have not experienced any issues."


The short advisory from the industry group urged banks and other industry members to "ensure constant diligence in monitoring and quick response to any malicious events."

The Reston, Virginia-based group is owned by dozens of firms, including the two banks, as well as Citigroup Inc, Goldman Sachs Group Inc and Morgan Stanley. Insurers including American International Group, Allstate Corp and State Farm Insurance also belong to the group, as do credit card companies MasterCard Inc and Visa Inc.

The advisory also cited a warning from Microsoft Corp that hackers have attacked some of its customers by means of a security bug in its widely used Internet Explorer browser.

Microsoft has yet to release software to fix that security flaw. The German government advised the public to stop using Internet Explorer until an update is released. The U.S. Department of Homeland Security has advised users to follow steps recommended by Microsoft to reduce the risk of attacks but noted that those measures may not fully secure the browser.


The warning from FS-ISAC comes as the Obama Administration is considering issuing an executive order that could instruct government agencies to take action to help better protect the nation's critical infrastructure from cyber attacks.

Legislation that would strengthen the government's ability to help secure private networks has so far been stalled in Congress by groups concerned about privacy issues as well as business groups that oppose increased regulation of their activities.

Senator Jay Rockefeller, who heads the Senate Commerce Committee, on Wednesday sent letters to the 500 biggest U.S. companies, challenging them to improve their computer security. He blamed the defeat of the legislation on concerns raised by "a handful of business lobbying groups and trade associations."

He asked the companies to identify their own best practices and to spell out their concerns about government-conducted risk assessments that were part of the cyber security bill. He warned that the companies could face "reactive and overly prescriptive legislation" if nothing were done until some cyber disaster.

During a speech to the annual Air Force Association conference, Deputy Defense Secretary Ashton Carter complained that businesses are not doing enough to protect their own networks, saying he was disappointed that the legislation has not passed Congress.

Officials with FS-ISAC could not be reached to comment on the decision to raise its cyber threat level. A spokesman for the Department of Homeland Security declined to comment on the advisory from the industry group.

Copyright 2012 by Reuters. All rights reserved.

2 of 2
Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.