Respected Gartner analyst Avivah Litan has claimed in a blog post that cyber crooks have used comparatively low-level DDoS – distributed denial of service – attacks to confuse and distract financial institution security staff while fraudulent wire transfers were in motion.
In an interview with SC Magazine, Litan offered more specifics, claiming that she knows of three incidents in the past few months in which DDoS was used in heists involving “millions” of dollars.
Litan explicitly indicated that these DDoS attacks were unlike the high-volume DDoS attacks that in the past year have taken down many U.S. financial institutions, including the $3.8 billion, Pleasanton, Calif.-based Patelco Credit Union and University Federal Credit Union, a $1.5 billion institution in Austin, Texas. No thefts have been associated with these politically motivated attacks.
Regarding the incidents she blogged about, Litan told SC Magazine: “It wasn't the politically motivated groups. It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours.”
Litan declined to name the institutions that she said suffered significant losses in these DDoS assaults.
Some months ago, security blogger Brian Krebs reported on a $900,000 heist at Bank of the West where DDoS also was used as a distraction.
In her recent blog, Litan offered details about how the attack unfolds: “Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.”
She advised institutions that, when under a DDoS attack, they “slow” the wire transfer systems.
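The advice to “slow” wire transfers while a DDoS is underway can be written as a release policy for the wire queue. The sketch below is an added example, not taken from Litan's blog or this article; the account names, time windows, hold length and dual-approval step are assumptions, and all data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: every name, amount and timestamp is illustrative.
DDOS_WINDOWS = [  # (start, end) of DDoS incidents declared by the network team
    (datetime(2024, 1, 15, 14, 0), datetime(2024, 1, 15, 15, 30)),
]
PRIVILEGED = {"wire_admin", "svc_payswitch"}  # hypothetical payment-switch admins
WIRES = [
    {"id": 1, "user": "teller_17",  "amount": 4_200,   "ts": datetime(2024, 1, 15, 13, 10)},
    {"id": 2, "user": "teller_17",  "amount": 9_800,   "ts": datetime(2024, 1, 15, 14, 20)},
    {"id": 3, "user": "wire_admin", "amount": 310_000, "ts": datetime(2024, 1, 15, 14, 25)},
    {"id": 4, "user": "wire_admin", "amount": 275_000, "ts": datetime(2024, 1, 15, 15, 50)},
    {"id": 5, "user": "wire_admin", "amount": 1_500,   "ts": datetime(2024, 1, 15, 17, 0)},
]
GRACE = timedelta(minutes=30)  # assumed: keep the policy on after the DDoS subsides
HOLD = timedelta(hours=4)      # assumed: how long ordinary wires are slowed


def in_ddos_window(ts, windows=DDOS_WINDOWS, grace=GRACE):
    """True if ts falls inside a declared DDoS incident or its grace period."""
    return any(start <= ts <= end + grace for start, end in windows)


def triage(wire):
    """Return (action, release_time) for one wire request."""
    if not in_ddos_window(wire["ts"]):
        return ("release", wire["ts"])
    if wire["user"] in PRIVILEGED:
        # Privileged switch access during a DDoS is the pattern described
        # above: never auto-release, require a second approver.
        return ("hold_for_dual_approval", None)
    # Everyone else is slowed, giving staff time to notice anomalies.
    return ("delay", wire["ts"] + HOLD)


def triage_all(wires=WIRES):
    """Map wire id -> action for a batch of requests."""
    return {w["id"]: triage(w)[0] for w in wires}


if __name__ == "__main__":
    for w in WIRES:
        print(w["id"], w["user"], w["amount"], *triage(w))
```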