The unusually potent attacks started early last year with Bank of America, investigators told The Journal. After attacking oil and gas companies in the Persian Gulf during the summer, the attackers turned their attention once again to banks in September.
The amount of bogus traffic directed at bank websites in an attempt to overwhelm them reached as high as 60 to 70Gbps, which is many multiples higher than the typical denial-of-service attack. For example, Arbor Networks estimated that the average attack in September was 1.67 Gbps.
The sophistication of the attacks point to a state-sponsored action, researchers believe. Prolexic reported in October that a toolkit used in some of the attacks flooded the infrastructure and application layers of the bank's websites simultaneously. In addition, the traffic signatures were unusually complex and therefore difficult to reroute.
While botnets of mostly compromised PCs are used in the majority of cyber attacks, traffic sent against the banks was generated by compromised servers with 200 to 300 times more capacity than a personal computer, researchers say. Investigators told The Journal that tens of thousands of infected servers running corporate websites have been used.
The attacks have affected most of the top dozen U.S banks, which have had their sites disrupted or taken offline for short periods of time. In October, Defense Secretary Leon Panetta said the Pentagon was prepared to take action if the country was threatened by a computer-based attack.
While the U.S. is blaming Iran, the Middle Eastern country blames the U.S. and Israel for sending the Stuxnet worm that destroyed centrifuges in Iranian nuclear facilities in 2009. Quoting unidentified sources, The New York Times reported last year that Stuxnet was the work of the U.S. and Israeli governments.
Read more about malware/cyber crime in CSOonline's Malware/cyber crime section.