August 02, 2015

Hackers using DDoS threat to extort money from financial institutions

MarketWatch reported Friday that hackers are using the threat of a distributed denial of service (DDoS) attack to extort money from large banks and financial services companies.

Richard Jacobs, assistant special agent in charge of the cyber branch at the FBI's New York office, was quoted as saying that more than 100 companies, including big banks and brokerages, have received DDoS threats since about April.

Jacobs said in the article that the ransom requests typically run in the tens of thousands of dollars and that in some cases the companies have paid.

MarketWatch reported that a DDoS outage could mean losses of more than $100,000 an hour for financial companies.

In the article, Jacobs said the FBI does not advise firms as to whether they should pay a ransom or let their websites go down. In January, a Swiss bank refused to pay a $12,000 ransom, and hackers released information on about 30,000 of its clients.

DDoS attacks are on the rise at financial institutions, according to the June issue of The NCUA Report, which reported an increase of 117 percent in the first quarter compared to last year. NCUA cited research from cloud-services firm Akamai and noted that financial institutions were the target of 8.4 percent of DDoS attacks in the first quarter.

NCUA has urged credit unions to know the signs of a DDoS attack and to take precautions. In addition, the Federal Financial Institutions Examination Council has issued risk-mitigation information and requirements concerning DDoS attacks.