Cyber-thieves using DDoS to distract banks and victims from spotting fraud

Fraudsters launch DDoS attacks against banks after they steal money from their customers

Cyber-thieves are using distributed denial-of-service (DDoS) attacks in order to distract banks from spotting and reversing fraudulent wire transfers initiated on behalf of their customers.

The FBI has recently issued an alert about fake emails that purport to come from the National Automated Clearing House Association (NACHA) and distribute a variant of the Zeus banking trojan.

According to the bureau, after infecting computers with this notorious piece of malware, the fraudsters steal online banking credentials and launch DDoS attacks against the financial institutions used by the victims.

The attacks serve as a diversion, said Neal Quinn, vice president of operations at DDoS mitigation provider Prolexic, in a phone interview. Cyber-thieves believe that this will distract the bank's personnel and prevent them from spotting the fraudulent activity, he explained.

DDoS attacks against financial institutions are not new and Prolexic has observed them for a long time, said Quinn. In the past such attacks were launched by phishers to add credibility to their claims that banks are having technical difficulties.

Similar attacks can also be directed at the fraud victims in order to prevent them from accessing their online banking accounts and spotting the fraud too quickly. This gives fraudsters enough time to transfer the stolen funds to accomplices before the banks are notified and reverse the transactions.

Prolexic wasn't able to confirm incidents where the attackers had this particular motive, but Quinn agreed that it's a plausible scenario. Online banking systems can be attacked for a similar reason -- to prevent victims from accessing them and noticing the unauthorized transfers.

Another interesting aspect of the fraud operation reported by the FBI is the method used by attackers to obtain the stolen money. This involved placing orders at jewelry stores in advance and picking up the expensive items when the funds got transferred into their accounts.

Traditionally, fraudsters employed individuals known as money mules to set up bank accounts and receive the stolen money. In many cases the money mules were not even aware that they're part of an illegal operation and believed that they're working as local managers for foreign companies.

However, since banks have strengthened their security and the general public has been alerted about fake job offers posted online by fraudsters, cyber-thieves have had to come up with new ways of receiving the stolen funds.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityProlexicfbifraud

More about CHAFBI

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts