Millions of dollars have been lost to a new hi-tech tactic used by cybercriminals – where a low-powered DDoS attack is used as “cover” for a direct assault on the bank’s payment system.
Avivah Litan, an analyst at Gartner, describes the attack type as “ominous” and says that it has emerged in the past few months. Speaking to SC Magazine, Litan said that “stealth” low-powered DDoS attacks had been used in thefts totalling “millions”.
Litan wrote on her Gartner blog, “DDoS attacks are an increasingly popular method for criminals to divert bank security staff attention while defrauding bank systems. Until recently, most illegal money transfers were accomplished via account takeover – of either customer or employee accounts when the fraudsters moved money from customer accounts to their mules and eventually their own accounts.”
Litan says that the new attacks mark a significant shift in tactics–away from targeting individual accounts, and towards targeting “master payment switches” within bank systems.
Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.
Litan said that the attacks were separate from the long-running series of DDoS attacks targeting American banks. “It wasn’t the politically motivated groups,” she told SC Magazine.
“Considerable financial damage has resulted from these attacks,” she writes, “One rule that banks should institute is to slow down the money transfer system while under a DDoS attack. More generally, a layered fraud prevention and security approach is warranted.”
Author Rob Waugh, We Live Security