Cybersecurity News

The financial industry must prepare for a “mass fraud campaign” that will target 30 of the United States’ banks by spring 2013, according to a new report.

Less than three months after news surfaced that massive denial-of-service cyber attacks shuttered the websites of some the nation’s most prominent banks, including Bank of America and JPMorgan Chase, a new report from security firm McAfee advises that there is still a “credible threat.”

According to the report, a hacker known as vorVzakone posted on an online Russian forum in September, claiming that a malicious Trojan, under development since 2008, was capable of continued attacks on the U.S. financial industry.

Dubbed Project Blitzkrieg, the hacker alleged that a pilot program using the Trojan had already infected 300 to 500 U.S. victims and successfully stolen $5 million from the system, according to McAfee.

The report suggests vorVzakone has recruited a skilled team of cybercriminals to carry out Project Blitzkrieg and has created a sophisticated system for stealing, transferring and an unprecedented sharing of the pirated funds.

“This attack combines both a technical, innovative backend with the tactics of a successful, organized cybercrime movement,” McAfee threats researcher Ryan Sherstobitoff wrote in the report. “Although Project Blitzkrieg hasn’t yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred.”

Pointing out that investment banks may be at the greatest risk, due in large part to their high-valued accounts, the report goes on to advise the financial industry to pay close attention to future outgoing transactions.

“Coordinated campaigns targeting financial services organizations are not novel, and have been in play since well before 2010,” Sean Bodmer, chief researcher at cyber attack intelligence firm CounterTack told ClearanceJobs in a statement. “What’s new and most interesting is the mass profit sharing model being trumpeted.”

“It would seem that the criminal underground is maturing at a much faster pace than world governments believe,” he added.

____

Following are some additional cyber headlines you may have missed:

FEDERAL NEWS:

Former US spy warns on cybersecurity (Financial Times)

Senate cybersecurity measure worries contractors (Politico)

Navy aims for accredited cybersecurity major (Associated Press)

Air Force closer to defining its cybersecurity mission (National Defense)

Rep. McCaul: Cybersecurity legislation is ‘top’ priority next Congress (The Hill)

FBI pursues attack on computers of former Joint Chiefs Chairman Mullen (Wall Street Journal)

INDUSTRY OVERVIEW:

RSA CEO predicts “catastrophic” cyber attack (V3.co.uk)

Cybersecurity startup looks to hack the hackers (Los Angeles Times)

BAE Systems Detica to hire 100 cyber specialists in Malaysia (Bernama)

Instagram vulnerability on iPhone allows for account takeover (PCWorld)

Smart grid ICS cyber security market to reach $608m by 2020: report (CBR)

INTERNATIONAL  OUTLOOK:

Wary of cybersecurity laws, UK eyes private approach (Reuters)

Hong Kong cops open £700k cybersecurity center (The Register)

Saudi Arabia says cyber attack aimed to disrupt oil, gas flow (Reuters)

Saudi Kingdom’s digital future plan outlined at security summit (MENAFN)

HACKING HIGHLIGHTS:

Pakistani hacker hits over 400 Chinese govt sites (ZDNet)

Hacker group exploits massive security hole in Tumblr (BuzzFeed)

NASA hacker won’t face charges, say British police (Associated Press)

Apple hires hacker who helped save Windows from security hell (Wired)

Hacker locates John McAfee through smartphone tracks (Washington Post)

Nationwide hit by hacker, more than 1M customers affected by breach (BizJournals)

CYBER INSIGHTS:

For PC virus victims, pay or else (New York Times)

Training big data’s eye on cybersecurity threats (ZDNet)

Civil litigation: A better way to improve cybersecurity? (CSO)

Can an executive order protect against a ‘cyber Pearl Harbor?’ (FCW)

Ten ways to protect your business’ cybersecurity in 2013 (Fox News)

The year in cybersecurity: Malware, social media and web exploits (Mashable)

The future of cybersecurity legislation: Will Congress act? (Diplomatic Courier)

Ten financial services cybersecurity trends for 2013 (Wall Street & Technology)

____

This report is also available on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/1025/cybersecurity-news-round-up-targeted-cyber-attack-poses