Cyber-thieves using DDoS to distract banks and victims from spotting fraud

Fraudsters launch DDoS attacks against banks after they steal money from their customers

Cyber-thieves are using distributed denial-of-service (DDoS) attacks in order to distract banks from spotting and reversing fraudulent wire transfers initiated on behalf of their customers.

The FBI has recently issued an alert about fake emails that purport to come from the National Automated Clearing House Association (NACHA) and distribute a variant of the Zeus banking trojan.

According to the bureau, after infecting computers with this notorious piece of malware, the fraudsters steal online banking credentials and launch DDoS attacks against the financial institutions used by the victims.

The attacks serve as a diversion, said Neal Quinn, vice president of operations at DDoS mitigation provider Prolexic, in a phone interview. Cyber-thieves believe that this will distract the bank's personnel and prevent them from spotting the fraudulent activity, he explained.

DDoS attacks against financial institutions are not new, and Prolexic has observed them for a long time, said Quinn. In the past, such attacks were launched by phishers to add credibility to their claims that banks are having technical difficulties.

Similar attacks can also be directed at the fraud victims in order to prevent them from accessing their online banking accounts and spotting the fraud too quickly. This gives fraudsters enough time to transfer the stolen funds to accomplices before the banks are notified and reverse the transactions.

Prolexic wasn't able to confirm incidents where the attackers had this particular motive, but Quinn agreed that it's a plausible scenario. Online banking systems can be attacked for a similar reason -- to prevent victims from accessing them and noticing the unauthorized transfers.

Another interesting aspect of the fraud operation reported by the FBI is the method used by attackers to obtain the stolen money. This involved placing orders at jewelry stores in advance and picking up the expensive items when the funds got transferred into their accounts.

Traditionally, fraudsters employed individuals known as money mules to set up bank accounts and receive the stolen money. In many cases the money mules were not even aware that they were part of an illegal operation and believed that they were working as local managers for foreign companies.

However, since banks have strengthened their security and the general public has been alerted about fake job offers posted online by fraudsters, cyber-thieves have had to come up with new ways of receiving the stolen funds.
