
DDoS Attacks Pulling Attention Away from Bank Cyberheists

Source: Gartner

There's a growing trend of thieves hitting banks with low-level DDoS attacks while taking over their wire transfer switches in the process.

What's the best way to steal millions from a number of banks across the nation without being detected? Try causing a diversion by launching a DDoS attack, and then take over the system that manages and executes wire transfers, AKA the payment switch. That's what Gartner VP and distinguished analyst Avivah Litan said has taken place over the last several months, noting that DDoS attacks are becoming increasingly popular.

"Until recently, most illegal money transfers were accomplished via account takeover – of either customer or employee accounts when the fraudsters moved money from customer accounts to their mules and eventually their own accounts," she said.


She reports that once the thieves launch a "low-power" DDoS on a specific bank – meaning the assault isn't meant to knock down the bank's website for hours or days – they then attempt to take over the payment switch using a privileged user account that has access to that switch. Once the switch is under their control, the hackers have access to all accounts and can fraudulently wire as much money as they can from as many accounts as they can until the bank, which was distracted by the DDoS, discovers what's really going on.

Litan, who is an expert in financial fraud and banking security, did not explain how the thieves gained access to accounts that control the payment switches. Gaining access through phishing email would seem unlikely given the layers of security precautions financial institutions supposedly have in place to protect your money. Yet "cyberheists" such as these are a growing problem, and both phishing and brute account takeovers have been linked to many attacks in the past.

"Considerable financial damage has resulted from these attacks," Litan said. "One rule that banks should institute is to slow down the money transfer system while under a DDoS attack. More generally, a layered fraud prevention and security approach is warranted."

Litan told SCMagazine that at least three banks suffered from this kind of attack/theft over the last several months, but would not provide their identities. She said that these recent attacks have nothing to do with the wave of DDoS attacks that arrived last winter and spring to knock down Chase, Citigroup, Bank of America, Wells Fargo and many others.
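Litan's suggested rule of slowing down the money transfer system while under a DDoS attack can be sketched as a release gate for outgoing wires. This is an added example, not code from the article, Gartner or any bank; the `Wire` record, the alert windows and every threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy values (assumptions, not from the article or any bank).
COOL_DOWN = timedelta(hours=2)      # stay cautious after the DDoS alert clears
HOLD_DELAY = timedelta(minutes=30)  # added delay for ordinary transfers
REVIEW_LIMIT = 10_000               # USD; at or above this, require manual review

@dataclass
class Wire:
    wire_id: str
    initiated: datetime
    amount: float
    privileged_initiator: bool  # sent via an account with payment-switch access

def under_ddos(ts, alerts):
    """True if ts falls inside any (start, end) alert window plus cool-down."""
    return any(start <= ts <= end + COOL_DOWN for start, end in alerts)

def decide(wire, alerts):
    """Return (action, release_time) for one outgoing wire transfer."""
    if not under_ddos(wire.initiated, alerts):
        return ("release", wire.initiated)
    if wire.privileged_initiator or wire.amount >= REVIEW_LIMIT:
        return ("manual_review", None)  # hold until a second person approves
    return ("delay", wire.initiated + HOLD_DELAY)

def triage(wires, alerts):
    """Map each wire id to the action the gate would take."""
    return {w.wire_id: decide(w, alerts)[0] for w in wires}

# Constructed sample data: one DDoS alert window and five wire requests.
ALERTS = [(datetime(2013, 8, 20, 9, 0), datetime(2013, 8, 20, 11, 0))]
WIRES = [
    Wire("W1", datetime(2013, 8, 20, 8, 30), 50_000, False),   # before the alert
    Wire("W2", datetime(2013, 8, 20, 9, 45), 900, False),      # small, during alert
    Wire("W3", datetime(2013, 8, 20, 10, 15), 400, True),      # privileged account
    Wire("W4", datetime(2013, 8, 20, 12, 30), 75_000, False),  # inside cool-down
    Wire("W5", datetime(2013, 8, 20, 13, 30), 75_000, False),  # after cool-down
]

if __name__ == "__main__":
    for wire_id, action in triage(WIRES, ALERTS).items():
        print(wire_id, action)
```

The cool-down matters because the transfers described in the article continue until the bank notices, which may be after the DDoS traffic has already subsided.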

Back in September, the Financial Services Information Sharing and Analysis Center, the Internet Crime Complaint Center and the FBI said in a joint statement (pdf) that the $200 Dirt Jumper DDoS toolkit was being used to divert bank employees' attention away from fraudulent wire transfers conducted with pilfered employee credentials. Then in April the Dell SecureWorks Counter Threat Unit issued a similar report (pdf), warning that hackers attempted fraudulent wire transfers of up to $2.1 million USD using the same DDoS smokescreen cover.

Surprisingly, the FBI's report clearly states that hackers are using spam and phishing emails, keystroke loggers, and Remote Access Trojans (RATs) to compromise financial institution networks and obtain employee login credentials, and that spam and phishing emails are the primary method. Once a bank employee's computer is compromised, the keyloggers and RATs installed on it provide the hacker with complete access to internal networks and logins to third-party systems.

And to think these people and institutions are managing your money. Honestly, it seems that the consumer can't win: the government wants to spy on your online and offline identities while hackers want to steal them. Still, we have to ask this: why aren't banks providing better protection against phishing attacks?

  • 2 Hide
    house70 , August 23, 2013 9:44 AM
    Follow the money trail. It will invariably lead to a stained employee.
    We never get to hear the end result of these investigations; the institutions in question just prefer to hide it all under the rug instead of being exposed for what they are and do: hire people with low pay that not only don't give a damn about your money, but also sell their info for a quick and easy buck.
  • 2 Hide
    b23h , August 23, 2013 10:01 AM
    I doubt that there is a person on the inside selling information. The FBI mentions spam and phishing attacks. That means the employees are poorly trained and are sloppy with their day-to-day security practices.
  • 4 Hide
    theblacksails , August 23, 2013 1:50 PM
    As someone that works in IT in a relatively small bank, I can say the phishing and spam is very believable. Many of our users can't tell the difference and when we do social engineering tests every year, inevitably there's always a few that fall for it.

    We can put all the security in the world in place but all it takes is one poorly-trained (or just stupid) employee to click the wrong link.
  • -1 Hide
    BulkZerker , August 24, 2013 10:37 AM
    Do you suppose crime net might be involved?