The hacktivist group, which has been hammering U.S. banks since late last year, has now expanded attacks to other financial services companies.

An Islamic group that launched a third wave of high-powered distributed denial-of-service (DDoS) attacks against U.S. banks in March has started targeting other financial organizations, including credit card companies and financial brokerages, security experts say.

The hacktivist group that calls itself Cyber Fighters of Izz ad-Din al-Qassam has been hammering U.S. banks since last September. The attacks have caused major disruptions in online banking, but have not resulted in system breaches or the theft of data.

With each new wave of attacks the group has shifted to other targets. The first wave, which lasted about six weeks from mid-September to mid-October, targeted mostly major financial institutions. Targets included Wells Fargo, U.S. Bank, Bank of America, JPMorgan Chase & Co. and PNC Bank. In the second phase, which went for seven weeks from December to late January, the attackers expanded to mid-tier banks and credit unions.

In the latest wave, which started Feb. 25 and is the longest so far, the attackers have gone beyond just banking institutions, which over the months have grown more adept at fending off the attackers, John Summers, vice president of Akamai Technologies’ security business, said Wednesday. Akamai, whose clients include nine of the world’s top 10 banks, saw attacks against credit-card companies and financial brokerages, but declined to name them. In a Pastebin post, the Islamic group said Tuesday that it launched attacks last week against investment manager Principal Financial, financial planner Ameriprise, and financial services company State Street.

A DDoS attack took discount brokerage Charles Schwab & Co. offline for an hour Tuesday and intermittently on Wednesday. Schwab did not know who was behind the attack.

Along with expanding the type of targets, the attackers have grown more sophisticated.
Rather than stick with flooding sites with network traffic, the attackers are directing their packets to the application layer reserved for secured communication protocols, which is where most of the banks’ online business is conducted. In the largest such attack so far, 30 gigabits per second of bogus traffic was sent over SSL, roughly 70 times the bank’s normal peak traffic, Summers said.

The Islamic group has also started doing pre-attack probing of sites, which involves sending four- to six-minute bursts of 18 million requests a second to see if the site falters. If it does, then they come back a few days later with a full-scale assault.

“That sort of probe-based, pre-attack reconnaissance is something new that we’ve seen in the phase three section,” Summers said.

Given the group’s constant shift in targets and growing sophistication, security experts did not expect the attacks to end anytime soon. “All projecting current trends forward, it’s not clear they have any intention of stopping,” Summers said.

From the start, the attackers have used a botnet of Web servers compromised using the Brobot DDoS tool, also known as “itsoknoproblembro.” In March, the botnet was linked to DDoS attacks against three online role-playing sites used by gamers, BankInfoSecurity reported. The attacks led some security experts to speculate that either the botnet was hijacked or rented out.

Scott Hammack, chief executive of Prolexic, said the company has seen Brobot traffic used against energy companies and organizations in Europe.
Hammack did not know who was behind the attacks, but believed it was more than one group.

“It’s difficult to say, but yes, that would be my guess,” he said.

The Islamic group claims it is acting in protest of a YouTube video mocking the Prophet Muhammad. The group vows to continue the attacks until the video, called the Innocence of Muslims, is removed from the site. U.S. government officials have said they believe the attacks are originating from Iran.