The FBI has warned that cyber criminals are launching DDoS attacks against banks and their customers to divert attention from high-stakes digital heists.
The attacks apparently coincide with corporate account takeovers perpetrated by thieves fielding a modified version of the ZeuS Trojan known as “Gameover.”
As security expert Brian Krebs notes, the spate of thefts has occurred in the wake of a heavy spam campaign generated to deploy the malware, which arrives in an email (allegedly) from the National Automated Clearing House Association (NACHA), a not-for-profit group that develops operating rules for organizations that handle electronic payments.
When activated, the ZeuS variant goes to work stealing passwords, facilitating direct access to PCs and networks. During several recent attacks, the victim’s public-facing Internet address was targeted by a DDoS offensive as soon as thieves wired money out of an organization account.
Interestingly enough, it appears that the perpetrators have deployed money mules in the US for at least some of the heists: a number of unauthorized wire transfers from victim organizations have been sent directly to high-end jewelry stores, where the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).
Launching a cyber attack to mask illicit criminal activity is a strategy that seems to have worked particularly well against Sony, which attempted to counter a massive DDoS attack while data on more than 100 million customers was deftly extracted by hackers.
“In the chaos of a DDoS, typically network administrators are so busy trying to keep the network up that they miss the real attack,” explained Jose Enrique Hernandez, a security expert at Prolexic, a Hollywood, Fla.-based DDoS mitigation company. “It’s a basic diversion technique.”
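The timing described above (a DDoS against the victim's public address starting right after money is wired out) can be turned into a review rule. The following is an added example, not code from the article or the FBI warning; the event fields, the 30-minute lookback and the sample records are all constructed assumptions.

```python
from datetime import datetime, timedelta

LOOKBACK = timedelta(minutes=30)  # assumed window before DDoS onset to re-check

# Constructed sample events; field names are hypothetical, not a real product schema.
WIRES = [
    {"id": "W-1001", "org": "acme", "amount": 100_000, "new_payee": True,
     "sent": "2024-03-04T14:02:00"},
    {"id": "W-1002", "org": "acme", "amount": 1_200, "new_payee": False,
     "sent": "2024-03-04T09:15:00"},
    {"id": "W-1003", "org": "acme", "amount": 45_000, "new_payee": True,
     "sent": "2024-03-04T14:40:00"},
    {"id": "W-2001", "org": "globex", "amount": 80_000, "new_payee": True,
     "sent": "2024-03-04T14:05:00"},
]
DDOS_ALERTS = [
    {"org": "acme", "target_ip": "203.0.113.10",
     "start": "2024-03-04T14:09:00", "end": "2024-03-04T16:30:00"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def wires_to_review(wires, alerts, lookback=LOOKBACK):
    """Return wires sent shortly before, or during, a DDoS on the same organization."""
    flagged = []
    for wire in wires:
        sent = _ts(wire["sent"])
        for alert in alerts:
            if alert["org"] != wire["org"]:
                continue
            start = _ts(alert["start"])
            # An alert with no end time is still ongoing: keep its window open.
            end = _ts(alert["end"]) if alert.get("end") else datetime.max
            if start - lookback <= sent <= end:
                # lead_min < 0 means the wire went out while the attack was running.
                lead_min = int((start - sent).total_seconds() // 60)
                flagged.append({**wire, "ddos_target": alert["target_ip"],
                                "lead_min": lead_min})
                break
    # First-time payees first, then largest amounts, so review starts with the riskiest.
    flagged.sort(key=lambda w: (not w["new_payee"], -w["amount"]))
    return flagged

if __name__ == "__main__":
    for w in wires_to_review(WIRES, DDOS_ALERTS):
        print(w["id"], w["amount"], w["ddos_target"], w["lead_min"])
```

Running the rule at DDoS onset hands the fraud team a short list of transfers to hold or call back on while the network team handles availability.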