London police chief: City bankers, prepare for a terrorist cyber attack. Again

Fingers ISIS as likely attacker


+Comment Western financial institutions should prepare themselves for cyber attacks from Islamic militants, the head of the City of London police warns.

Commissioner Adrian Leppard urged preparations ought to be put at hand during a security conference in New York. According to the FT, he singled Islamic State of Iraq and the Levant (aka Isis) as a potential attacker.

"There could be a very serious impact to the financial institutions of the world through a cyber attack and I think it's a very strong likelihood that it will happen one day in the future, which is why we've got to push back and take action now before it happens," Commissioner Leppard told the (Financial Times - registration required).

The City of London force and New York District Attorney's Office will be stationing permanent staff in each other's offices to build greater co-operation between police and prosecutors that cover the Square Mile and Wall Street. The exchange programme is designed to ward off attacks, Reuters adds.

Commissioner Leppard previously described Tor as 90 per cent of the internet during an IP Enforcement Summit back in June.

+Comment

In your correspondent's view, it is likely that this latest warning is built on insubstantial foundations that paint a misleading view of the threat landscape (cue scary headlines about Cyber Terror). The warning also overlooks the fact that through exercises such as Waking Shark City financial institutions are already collectively testing their incident response and disaster recovery.

Warnings about a Cyber Pearl Harbour have been going on for 15 years or more. Commissioner Leppard's warning offers a jihadist twist, fuelled by real world concerns about ISIS/IS.

But IS is largely using the internet for propaganda and recruitment and the Islamist cyber-threat is best categorised as the possibility of DDoS or website defacement by hacktivist types.

Islamic hacktivists claimed responsibility for a series of distributed denial-of-service attacks that hit US financial organisations in two waves during September 2012 and early 2013. The Izz ad-Din al-Qassam Cyber Fighters were linked to DDoS attacks against US Bancorp, Citigroup, Wells Fargo and Bank of America, among others.

The group said the offensive was motivated by the continued availability of the inflammatory Innocence of Muslims video on YouTube.

Unnamed US government officials claimed Iran was orchestrating the attacks as a reprisal for Stuxnet. Security experts cast scorn on the notion that the DDoS attacks had to be nation-state sponsored because a server-based botnet involving compromised WordPress sites had been harnessed in the attack. ®

Similar topics

Broader topics


Other stories you might like

  • Cloudflare says it thwarted record-breaking HTTPS DDoS flood
    26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that

    Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.

    In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second (rps). The flood last week hit a peak of 26 million rps, with the target being the website of a company using Cloudflare's free plan, according to Omer Yoachimik, product manager at Cloudflare.

    Like the attack in April, the most recent one not only was unusual because of its size, but also because it involved using junk HTTPS requests to overwhelm a website, preventing it from servicing legit visitors and thus effectively falling off the 'net.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • Malaysia-linked DragonForce hacktivists attack Indian targets
    Just what we needed: a threat to rival Anonymous

    A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.

    The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.

    Continue reading
  • Let's play everyone's favorite game: REvil? Or Not REvil?
    Another day, another DDoS attack that tries to scare the victim into paying up with mention of dreaded gang

    Akamai has spoken of a distributed denial of service (DDoS) assault against one of its customers during which the attackers astonishingly claimed to be associated with REvil, the notorious ransomware-as-a-service gang.

    REvil was behind the JBS and Kaseya malware infections last year. In January, Russia reportedly dismantled REvil's networks and arrested 14 of its alleged members, theoretically putting an end to the criminal operation. 

    Beginning in late April, however, the same group of miscreants — or some copycats  — appeared to resume their regularly scheduled ransomware activities with a new website for leaking data stolen from victims, and fresh malicious code.

    Continue reading
  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...
    We take a look at low, low subscription prices – not that we want to give anyone any ideas

    A Tor-hidden website dubbed the Eternity Project is offering a toolkit of malware, including ransomware, worms, and – coming soon – distributed denial-of-service programs, at low prices.

    According to researchers at cyber-intelligence outfit Cyble, the Eternity site's operators also have a channel on Telegram, where they provide videos detailing features and functions of the Windows malware. Once bought, it's up to the buyer how victims' computers are infected; we'll leave that to your imagination.

    The Telegram channel has about 500 subscribers, Team Cyble documented this week. Once someone decides to purchase of one or more of Eternity's malware components, they have the option to customize the final binary executable for whatever crimes they want to commit.

    Continue reading

Biting the hand that feeds IT © 1998–2022