Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Criminals have recently hijacked the wire payment switch at several US banks to steal millions from accounts, a security analyst says.
Gartner vice president Avivah Litan said at least three banks were struck in the past few months using "low-powered" distributed denial-of-service (DDoS) attacks meant to divert the attention and resources of banks away from fraudulent wire transfers simultaneously occurring.
The loses “added up to millions [lost] across the three banks", she said.
"It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours."
The attack against the wire payment switch -- a system that manages and executes wire transfers at banks -- could have resulted in even far greater loses, Litan said.
It differed from traditional attacks which typically took aim at customer computers to steal banking credentials such as login information and card numbers.
While it was unclear how the attackers gained access to the wire payment switch, fraudsters could have targeted bank staff with phishing emails to plant malware on bank computers.
RSA researcher Limor Kessem said she had not seen the wire payment switch attacks in the wild, but the company had received reports of the attacks from customers.
"The service portal is down, the bank is losing money and reliability, and the security team is juggling the priorities of what to fix first," she said.
"That's when the switch attack – which is very rare because those systems are not easily compromised [and require] high-privilege level in a more advanced persistent threat style case – takes place."
Litan declined to name the victim banks but said that the attacks did not appear linked to recent hacktivist-launched DDoS attacks against US banks since they were entirely financially driven.
Researchers at Dell SecureWorks in April detailed how DDoS attacks were used as a cover for fraudulent attacks against banks.
The researchers said fraudsters were using Dirt Jumper, a $200 crimeware kit that launches DDoS attacks, to draw bank employees' attention away from fraudulent wire and ACH transactions ranging from $180,000 to $2.1 million in attempted transfers.
Last September, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, issued a joint alert about the Dirt Jumper crimeware kit being used to prevent bank staff from identifying fraudulent transactions.
In the alert, the organisations said criminals used phishing emails to lure bank employees' into installing remote access trojans and keystroke loggers that stole their credentials.
In some incidents, attackers who gained the credentials of multiple employees were able to obtain privileged access rights and “handle all aspects of a wire transaction, including the approval,” the alert said – a feat that sounds daringly similar to recent attacks on the wire hub at banks.
“In at least one instance, actors browsed through multiple accounts, apparently selecting the accounts with the largest balance."
Litan suggested that financial institutions "slow down" their money transfer system when experiencing DDoS attacks in order to minimise the impact of such threats.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.