Security analysts are warning that hackers have successfully used DDoS attacks to mask the theft of several million dollars from at least three banks in the US.
Cybercriminals have used low-level DDoS attacks to distract the security response teams of the targeted banks, allowing them to steal millions from a number of accounts via wire payment, according to Avivah Litan, Vice President and Distinguished Analyst, Gartner.
The attacks, which took place over the past few months, appear to have relied on high-level access to each bank’s systems, giving the attackers control of the bank’s wire payment switch, the component that handles all of its wire transfer activity. This allowed the hackers to make multiple transfers from as many accounts as they liked, whereas a typical wire transfer attack uses a stolen login and card number to steal money from one account at a time.
It is not clear how the attackers gained control of the wire payment switch, but it is suspected that complex, persistent phishing attacks against bank staff were used to gain high level access.
Litan told SC Magazine that the attacks differed from the recent ‘hacktivist’-sponsored DDoS attacks that aimed to take the banks’ websites down completely; instead, they appeared to be used to divert attention and provide cover for the unauthorised transfers.
“It wasn’t the politically motivated groups,” she said. “It was a stealth, low-powered DDoS attack, meaning it wasn’t something that knocked their website down for hours.
“Considerable financial damage has resulted from these attacks. One rule that banks should institute is to slow down the money transfer system while under a DDoS attack. More generally, a layered fraud prevention and security approach is warranted,” she added.
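The rule Litan describes (slow the wire transfer system while a DDoS is in progress, and watch for the many-accounts pattern the compromised switch enabled) can be expressed as a simple gate in front of the payment switch. The following is an added example, not code from any bank or from the article; the amount threshold, time window and account count are assumed values, and the transfers in the test are constructed.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class WireTransfer:
    ts: datetime
    source_account: str
    amount: float


@dataclass
class WireSwitchGuard:
    """Gate in front of a wire payment switch: release, flag for review, or hold a transfer.

    While a DDoS condition is active, large transfers and any transfer that is part of a
    burst across many distinct accounts are held for manual release (the 'slow down' rule).
    Outside a DDoS, a multi-account burst is still flagged for review but not held.
    """
    hold_threshold: float = 10_000.0            # assumed: per-transfer amount that triggers a hold under DDoS
    burst_window: timedelta = timedelta(minutes=10)  # assumed: window for counting distinct source accounts
    burst_accounts: int = 5                     # assumed: distinct accounts in the window that count as a burst
    ddos_active: bool = False                   # fed by the network/DDoS monitoring side
    recent: deque = field(default_factory=deque)

    def set_ddos_state(self, active: bool) -> None:
        self.ddos_active = active

    def evaluate(self, tx: WireTransfer) -> str:
        # Keep only transfers inside the sliding window ending at this transfer.
        self.recent.append(tx)
        while self.recent and tx.ts - self.recent[0].ts > self.burst_window:
            self.recent.popleft()
        distinct_accounts = {t.source_account for t in self.recent}
        burst = len(distinct_accounts) >= self.burst_accounts

        if self.ddos_active and (tx.amount >= self.hold_threshold or burst):
            return "HOLD"      # queue for manual release while the attack is under way
        if burst:
            return "REVIEW"    # unusual multi-account activity: verify out of band, then release
        return "RELEASE"
```

Feeding `set_ddos_state` from the same alerting that the security team sees ties the two signals together, so the DDoS cannot act as a distraction from the transfers it is covering for.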
DDoS attacks had already been seen in co-ordination with unauthorised transfer attacks on banks, as reported by Dell SecureWorks in April. Researchers noted that a $200 crimeware kit, called Dirt Jumper, was used to create a botnet to launch DDoS attacks of short duration, generally after an unauthorised transfer had taken place.