According to a recent U.S. Federal Bureau of Investigation fraud alert, cyber criminals are now “using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee login credentials. The stolen credentials were used to initiate unauthorized wire transfers overseas. The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actor(s) [crooks] raised the wire transfer limit on the customer’s account to allow for a larger transfer.”
This trend in banking malware fraud seems to be a new direction for cyber criminals who in the past used the Zeus Banking Trojan to attack individual banking customers’ home computers through malicious websites and then initiate bank funds transfers from the customer’s computer. I guess it was only a matter of time before the crooks realized that attacking the banking institution itself would be more profitable.
Once a bank employee’s computer was compromised and the crooks had access to the banking institution’s computer systems, they were able to search for the accounts with the largest balances and transfer funds using the bank’s authorization codes and procedures.
Since the new attack point is the banking institution’s employees, I can only guess how the crooks found out who the employees were…think social networking sites such as Facebook, Twitter, LinkedIn and others where users are encouraged to place personally identifiable information on their profile pages, such as…you guessed it, their place of employment.
It is reported that “In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public Web site(s) and/or Internet Banking URL. The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer. One botnet that has been used for this type of distraction is the Dirtjumper botnet. Dirtjumper is a commercial crimeware kit that can be bought and sold on criminal forums for approximately $200.”
A DDoS attack is simply the crooks using their many computers and botnets to send so many messages, transactions, login attempts, etc. to the victim computer that it can’t function and usually must be taken down temporarily.
Check your bank account transactions on a regular basis, looking for unauthorized withdrawals, and report them to your banking institution immediately. I’d also send them a copy of the referenced FBI Fraud Alert, asking them if they have implemented policies and procedures to guard against such an attack.
I’m also on Twitter as @PaulsInternetSecurity.