Cyber-thieves using DDoS to distract banks and victims from spotting fraud

Fraudsters launch DDoS attacks against banks after they steal money from their customers

Cyber-thieves are using DDoS (distributed denial-of-service) attacks in order to distract banks from spotting and reversing fraudulent wire transfers initiated on behalf of their customers.

The FBI has recently issued an alert about fake emails that purport to come from the NACHA (National Automated Clearing House Association) and distribute a variant of the Zeus banking trojan.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

According to the bureau, after infecting computers with this notorious piece of malware, the fraudsters steal online banking credentials and launch DDoS attacks against the financial institutions used by the victims.

The attacks serve as a diversion, said Neal Quinn, vice president of operations at DDoS mitigation provider Prolexic, in a phone interview. Cyber-thieves believe that this will distract the bank's personnel and prevent them from spotting the fraudulent activity, he explained.

DDoS attacks against financial institutions are not new and Prolexic has observed them for a long time, said Quinn. In the past such attacks were launched by phishers to add credibility to their claims that banks are having technical difficulties.

Similar attacks can also be directed at the fraud victims in order to prevent them from accessing their online banking accounts and spotting the fraud too quickly. This gives fraudsters enough time to transfer the stolen funds to accomplices before the banks are notified and reverse the transactions.

Prolexic wasn't able to confirm incidents where the attackers had this particular motive, but Quinn agreed that it's a plausible scenario. Online banking systems can be attacked for a similar reason -- to prevent victims from accessing them and noticing the unauthorized transfers.

Another interesting aspect of the fraud operation reported by the FBI is the method used by attackers to obtain the stolen money. This involved placing orders at jewelry stores in advance and picking up the expensive items when the funds got transferred into their accounts.

Traditionally, fraudsters employed individuals known as money mules to set up bank accounts and receive the stolen money. In many cases the money mules were not even aware that they're part of an illegal operation and believed that they're working as local managers for foreign companies.

However, since banks have strengthened their security and the general public has been alerted about fake job offers posted online by fraudsters, cyber-thieves have had to come up with new ways of receiving the stolen funds.


Copyright © 2011 IDG Communications, Inc.