Targeted Cyber Attack Poses ‘Credible Threat’ to US Banks
The financial industry must prepare for a “mass fraud campaign” that will target 30 of the United States’ banks by spring 2013, according to a new report.
Less than three months after news surfaced that massive denial-of-service cyber attacks shuttered the websites of some the nation’s most prominent banks, including Bank of America and JPMorgan Chase, a new report from security firm McAfee advises that there is still a “credible threat.”
According to the report, a hacker known as vorVzakone posted on an online Russian forum in September, claiming that a malicious Trojan, under development since 2008, was capable of continued attacks on the U.S. financial industry.
Dubbed Project Blitzkrieg, the hacker alleged that a pilot program using the Trojan had already infected 300 to 500 U.S. victims and successfully stolen $5 million from the system, according to McAfee.
The report suggests vorVzakone has recruited a skilled team of cybercriminals to carry out Project Blitzkrieg and has created a sophisticated system for stealing, transferring and an unprecedented sharing of the pirated funds.
“This attack combines both a technical, innovative backend with the tactics of a successful, organized cybercrime movement,” McAfee threats researcher Ryan Sherstobitoff wrote in the report. “Although Project Blitzkrieg hasn’t yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred.”
Pointing out that investment banks may be at the greatest risk, due in large part to their high-valued accounts, the report goes on to advise the financial industry to pay close attention to future outgoing transactions.
“Coordinated campaigns targeting financial services organizations are not novel, and have been in play since well before 2010,” Sean Bodmer, chief researcher at cyber attack intelligence firm CounterTack told ClearanceJobs in a statement. “What’s new and most interesting is the mass profit sharing model being trumpeted.”
“It would seem that the criminal underground is maturing at a much faster pace than world governments believe,” he added.
Following are some additional cyber headlines you may have missed:
Former US spy warns on cybersecurity (Financial Times)
Navy aims for accredited cybersecurity major (Associated Press)
Air Force closer to defining its cybersecurity mission (National Defense)
FBI pursues attack on computers of former Joint Chiefs Chairman Mullen (Wall Street Journal)
RSA CEO predicts “catastrophic” cyber attack (V3.co.uk)
Cybersecurity startup looks to hack the hackers (Los Angeles Times)
Hong Kong cops open £700k cybersecurity center (The Register)
NASA hacker won’t face charges, say British police (Associated Press)
Hacker locates John McAfee through smartphone tracks (Washington Post)
For PC virus victims, pay or else (New York Times)
The future of cybersecurity legislation: Will Congress act? (Diplomatic Courier)
Ten financial services cybersecurity trends for 2013 (Wall Street & Technology)
This report is also available on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/1025/cybersecurity-news-round-up-targeted-cyber-attack-poses