Home / / JPMorgan Chase website downed by DoS attack

JPMorgan Chase website downed by DoS attack

Attack comes as US committee told ‘cyber threat more worrying than terrorism’

JPMorgan Chase website downed by DoS attack
Chase.com was hit by a denial-of-service attack yesterday.

Chase.com, the consumer site of US financial conglomerate JPMorgan Chase & Co was hit by a denial-of-service attack yesterday, online media reported.

The attack took the public site offline as US intelligence officials announced that the cyber threat represented a greater concern to national security than terrorism. The annual briefing in which the concerns were disclosed was given to the US Senate Intelligence Committee and included testimony from Director of National Intelligence James Clapper.

In September hacktivist group Izz ad-Din al-Qassam Cyber Fighters pledged to target US banks with DoS strikes, which work by flooding a Web server with more resource requests than it can handle. A Reuters report confirmed that attempts to log into the Chase.com site failed and according to JPMorgan spokesman Michael Fusco IT staff were still working to restore operations until late yesterday.

Last week Florida-based DoS-protection specialist Prolexic announced its involvement in the "mitigation" of a similar attack on an unnamed US utility company's website and online payment system on February 17.

"[The systems were] brought down for 48 hours by a combination Layer 4 DDoS attack," Prolexic said in a statement.

"During that time, more than 155,000 customers could not pay bills online or by phone. In addition, employees could not receive external e-mails."

"Utilities is another vertical market that is likely to be victimised in the coming months as attackers look beyond daily targets like e-commerce and financial services," said Stuart Scholly, president, Prolexic.

"Attackers are targeting network infrastructures to cause collateral damage to other shared resources, so organisations must think about their different areas of vulnerability beyond website URLs."

According to Proexic, detection and mitigation of the attack proved difficult because it targete the backend IP addresses of the public-facing infrastructure.

While it is not clear if Izz ad-Din al-Qassam was involved in this attack or in the JPMorgan Chase incident, the escalation of incursions may explain the strength of language in intelligence briefings as governments and public agencies grasp the depth and breadth of the cyber threat.

JPMorgan, Bank of America Corp and Citigroup Inc, have all reported attacks in recent months and admitted that they expect more in the future.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.