Last week, news broke that hackers were planning a huge hack as soon as the spring. Now, Russian hackers with servers in Romania have some officials worried. So far the group has said it will attack at least thirty banks and other financial entities in the coming months. And unlike the denial-of-service attacks of the past few months, this gang is looking to actually steal your money.
“McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned,” said Ryan Sherstobitoff, McAfee Labs’ threat researcher. It’s been named Project Blitzkrieg and was designed to target, penetrate and then steal the funds from bank accounts. And there are many analysts who believe it has the capabilities to do just that. It will target those banks and credit unions with lax security protocols. In fact, it’s entirely possible it’s already tested its technology by pulling “virtually undetectable” amounts of money from bank accounts. Those transactions might total only three or four cents, but the group’s really not even worried about getting caught since, first, they’re out of the U.S. and, second, they say there are no safeguards preventing them from doing what they want, when they want.
“The targets are all U.S. banks,” said a spokesperson with McAfee, and the group says the focus will be on those American banking institutions that it can get into fast, pull whatever it wants out of your account and then disappear, ideally before a vulnerability has even been acknowledged.
This isn’t the first time a threat associated with this group has surfaced, either. The group came out of nowhere in September, though it’s believed it’s been working incognito as far back as March. The Russian leader goes by the name “vorVzakone”. That translates into “thief in law”. The heavy attacks were originally planned to begin this fall, however McAfee’s data, based on a number of factors, show they will actually occur in the spring of 2013. There have already been at least 500 victims associated with vorVzakone, McAfee said.
The attackers have managed to run an operation undetected for several months while infecting a few hundred.
The technology is advanced and historically, the group has used a series of trojans; this time, it’s the Prinimalka Trojan associated with Project Blitzkrieg. Analysts have determined it’s directly associated with a Gozi variant that was first discovered in early 2007, also used to hit financial targets here in the U.S.
There have been a series of vulnerable areas discovered and not surprisingly, there’s a heavy concentration in the southeast and thirty banking types have been singled out, including small community banks and credit unions. The worries are that the group will use a “technical, innovative back end with the tactics of a successful, organized cybercrime movement.”
Taking it a step further, it’s believed the hijacking will include capturing login information, security questions and answers and any patterns consumers use, such as logging in each morning or evening. They will be able to manipulate that kind of data so that it will allow them to better “mirror” their victims’ habits. An extracted script allows them to record balances and then post that information to a server file. Ibanking is used by hundreds of financial institutions around the nation and McAfee believes this very basic form of collecting data will be the ticket in.
As far as the banks go, Citigroup has already acknowledged the threat and said it’s in a critical priority mode with the goal to protect not only the bank, but its customers.
“We have a focused information security strategy and dedicated resources to execute it,” a Citi spokesperson said. So far, other banks named include Bank of America, Goldman Sachs and Morgan Stanley. It doesn’t appear these banks are ready to release any kind of statement.
As if this new concern wasn’t bad enough, banks are still dealing with the so-called denial-of-service attacks, which appear to be picking up again. Last week, the group that’s claiming responsibility began posting on its preferred method of communication, PasteBin. These attacks, while frustrating, aren’t a threat to any consumer’s data – including their cash. They do, however, make it incredibly difficult for consumers to access their accounts.
Project Blitzkrieg is expected to start slow and work its way up to hundreds of thousands of consumers and it’s entirely likely it will hone in on those with high bank balances. There’s been no word on whether or not other information, such as credit card data, is at risk.
There’s also the risk of this trojan doing massive damage to individuals’ computers.
What are your thoughts on this sudden emergence of data hackers? Share your thoughts with our readers.