Cyber-thieves using DDoS to distract banks and victims from spotting fraud

Fraudsters launch DDoS attacks against banks after they steal money from their customers

Cyber-thieves are using distributed denial-of-service (DDoS) attacks in order to distract banks from spotting and reversing fraudulent wire transfers initiated on behalf of their customers.

The FBI has recently issued an alert about fake emails that purport to come from the National Automated Clearing House Association (NACHA) and distribute a variant of the Zeus banking trojan.

According to the bureau, after infecting computers with this notorious piece of malware, the fraudsters steal online banking credentials and launch DDoS attacks against the financial institutions used by the victims.

The attacks serve as a diversion, said Neal Quinn, vice president of operations at DDoS mitigation provider Prolexic, in a phone interview. Cyber-thieves believe that this will distract the bank's personnel and prevent them from spotting the fraudulent activity, he explained.

DDoS attacks against financial institutions are not new and Prolexic has observed them for a long time, said Quinn. In the past, such attacks were launched by phishers to add credibility to their claims that banks were having technical difficulties.

Similar attacks can also be directed at the fraud victims in order to prevent them from accessing their online banking accounts and spotting the fraud too quickly. This gives fraudsters enough time to transfer the stolen funds to accomplices before the banks are notified and reverse the transactions.

Prolexic wasn't able to confirm incidents where the attackers had this particular motive, but Quinn agreed that it's a plausible scenario. Online banking systems can be attacked for a similar reason -- to prevent victims from accessing them and noticing the unauthorized transfers.
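The defensive takeaway from the scenario above is that a DDoS against a bank (or against its customers) should raise suspicion about wire transfers initiated around the same time, rather than being treated purely as an availability problem. The following is an added example, not code from the article, Prolexic or the FBI alert, of how a fraud team could correlate the two: it takes a list of DDoS attack windows and a list of outgoing wire transfers (all sample data constructed here) and returns the transfers that fall inside a window widened by an assumed lead time before the attack began (the fraud is initiated first, the DDoS follows) and a lag after it ended, so they can be held for manual review before funds leave the bank.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class DdosWindow:
    """Start and end of a DDoS attack as recorded by the mitigation provider."""
    start: datetime
    end: datetime


@dataclass(frozen=True)
class WireTransfer:
    """An outgoing wire transfer as seen by the bank's core system."""
    transfer_id: str
    account: str
    amount: float
    initiated_at: datetime


def parse_ts(text: str) -> datetime:
    return datetime.fromisoformat(text)


# Constructed sample data: one DDoS window reported against the bank's
# online banking portal, and four wire transfers from the same day.
DDOS_WINDOWS = [
    DdosWindow(parse_ts("2012-01-25T14:05:00"), parse_ts("2012-01-25T16:40:00")),
]

TRANSFERS = [
    # initiated shortly before the DDoS began (the pattern the article describes)
    WireTransfer("WT-1001", "ACCT-0042", 48_500.00, parse_ts("2012-01-25T13:50:00")),
    # initiated while the attack was in progress
    WireTransfer("WT-1002", "ACCT-0042", 2_300.00, parse_ts("2012-01-25T15:10:00")),
    # the day before: unrelated to the attack
    WireTransfer("WT-1003", "ACCT-0077", 9_900.00, parse_ts("2012-01-24T10:00:00")),
    # initiated shortly after mitigation ended
    WireTransfer("WT-1004", "ACCT-0099", 120_000.00, parse_ts("2012-01-25T17:30:00")),
]


def transfers_near_ddos(transfers, windows,
                        lead=timedelta(hours=2), lag=timedelta(hours=1)):
    """Return transfers initiated within [start - lead, end + lag] of any DDoS window.

    The lead and lag values are assumptions chosen for this example; a real
    deployment would tune them from the bank's own incident history.
    """
    flagged = []
    for transfer in transfers:
        for window in windows:
            if window.start - lead <= transfer.initiated_at <= window.end + lag:
                flagged.append(transfer)
                break  # one matching window is enough to flag the transfer
    return flagged


def review_queue(transfers, windows, min_amount=0.0):
    """Build a hold-for-review list: flagged transfers at or above min_amount,
    largest first, so the fraud team looks at the costliest items before the
    funds are moved on to accomplices."""
    flagged = transfers_near_ddos(transfers, windows)
    return sorted(
        (t for t in flagged if t.amount >= min_amount),
        key=lambda t: t.amount,
        reverse=True,
    )


if __name__ == "__main__":
    for t in review_queue(TRANSFERS, DDOS_WINDOWS, min_amount=10_000):
        print(f"HOLD {t.transfer_id} {t.account} {t.amount:>10.2f} at {t.initiated_at}")
```

The minimum-amount filter is there only to keep the review queue short; the correlation itself is what matters, and a bank would normally feed the flagged list into its existing wire-release workflow rather than blocking transfers automatically.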

Another interesting aspect of the fraud operation reported by the FBI is the method the attackers used to obtain the stolen money. This involved placing orders at jewelry stores in advance and picking up the expensive items once the funds were transferred into their accounts.

Traditionally, fraudsters employed individuals known as money mules to set up bank accounts and receive the stolen money. In many cases the money mules were not even aware that they were part of an illegal operation and believed that they were working as local managers for foreign companies.

However, since banks have strengthened their security and the general public has been alerted about fake job offers posted online by fraudsters, cyber-thieves have had to come up with new ways of receiving the stolen funds.

Tags: fbi, fraud, Prolexic, security
