Banks Face Possible Threat from Coordinated Cyberattack, According to Security Firm

U.S. banks have faced a series of recent cyber attacks, and a computer security firm has warned of a possible coordinated attack by hackers on a wide array of financial institutions. Most of the recent attacks seem to have had disruption as their goal. The security firm, RSA, warns that the goal of a larger, coordinated attack might be theft from online consumer accounts. Details of the attacks that have occurred remain sketchy, but they include allegations of links to the Iranian government. The developing story illustrates how hackers can affect not only organizational and enterprise security, but even national security. Businesses and organizations that handle money, confidential information, or anything else of value in a digital form should be aware of these issues.

Recent Bank Attacks

The Financial Services Information Sharing and Analysis Center (FS-ISAC) issued a warning to financial institutions on September 17, 2012, about cyber criminals using tools such as phishing and spam e-mails in an effort to hack financial networks. Malware, including “Trojan horse” programs and keystroke loggers, could enable hackers to obtain login information from financial institution employees. At the time of the FS-ISAC’s warning, most of the reported incidents had targeted small- or medium-sized banks through trojans or distributed denial of service (DDoS) attacks.

DDoS attacks, in which a massive number of computers attempt to access a website or network at once, causing it to crash, have the primary effect of disrupting an organization’s network and services. Trojans and other types of malware, by contrast, are often used to break into a system in order to steal information or make unauthorized financial transfers. Multiple banking organizations have reportedly suffered DDoS attacks in recent months, with the number of reported attacks increasing eighty-eight percent in the third quarter of 2012 from the same period in 2011, according to Reuters. Sources cited by Reuters also claim that Iranian hackers may be responsible for many of the attacks over the past year. A group using the name “Cyber fighters of Izz ad-din Al qassam” reportedly claimed credit for the attacks, but some analysts claim that the Iranian government is involved.

Trojan Threat

RSA’s warning concerns a version of a Trojan horse program known as “Gozi.” The original Gozi reportedly came from Russia and was first identified in January 2007. Hackers used it to steal millions of dollars from financial institutions in the U.S. Once the trojan is installed on a computer, a user unwittingly triggers it by entering certain words into a URL. RSA is calling the new version “Gozi Prinimalka,” based on code used by the gang of hackers the company suspects is behind the scheme. The new trojan reportedly allows a hacker to spoof the entire infected computer, thereby making financial transactions that appear to originate legitimately from the infected machine. The hackers are supposedly recruiting up to one hundred “botmasters” to help carry out a massive, organized attack on thirty U.S. banks.

The new version of Gozi, according to security analysts, may be more sophisticated than current security software. Security vendors are reportedly working exhaustively to study the new trojan. Banks and other institutions are advised to monitor their websites closely for unusual or suspicious activity.

Prism Risk Management provides businesses and organizations with risk and loss prevention consulting and offers services in loss control planning. To learn how our team can help your organization, contact us today online or at (512) 901-0070.

Web Resources:

Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud (PDF file), Financial Services Information Sharing and Analysis Center (FS-ISAC), in cooperation with the Federal Bureau of Investigation and the Internet Crime Complaint Center (IC3), September 17, 2012 (source)

More Blog Posts:

Distributed Denial-of-Service Attacks Pose Risks for Schools and Businesses, Prism Risk Management Blog, October 23, 2012

Guidelines for Financial Institutions that Use Outsourced Cloud Computing Can Help Other Businesses as Well, Prism Risk Management Blog, August 21, 2012

U.S. Utilities Face Cybersecurity Risks as Hacker Attacks Mount, Prism Risk Management Blog, June 11, 2012

Photo credit: “Beware of Greeks bearing gifts” by Henri Motte. [Public domain], via Wikimedia Commons.
