Quick, Look Over There: DDoS Diversions Result in Millions Stolen from US Banks

The most recent hack on at least three major banks involved “low-powered” DDoS attacks targeting wire payment switch systems. A wire payment switch system manages and executes wire transfers at banks. While the story is still developing on how exactly the hackers accessed wire transfers, it is known that DDoS attacks were used to divert the attention of bank security staff in order to gain access to the system.

This event presents a different type of security risk that organizations might not consider – the fact that they may have concentrated all or too much of their resources/personnel on handling attacks while neglecting security of other systems. One way to remedy this issue is to partner with an IT and hosting firm that specializes in technical security and secure hosting. Their focus and investment is in providing expert IT management and support, which frees up your organization to focus solely on your business growth.

By using DDoS attacks as their cover, the hackers somehow took over the payment switch (wire application) by using the credentials of a privileged user account. By controlling the master payment switch, hackers were able to move large amounts of money from as many accounts as they could get away with unnoticed, as reported by Gartner VP Analyst Avivah Litan. Dell SecureWorks researchers identified a crimeware kit, Dirt Jumper, that launches DDoS attacks and allow for wire and ACH (Automated Clearing House) transactions up to $2.1 million.

SCMagazine.com suggests that the hackers may have gained access to the wire payment switch with the assistance of phishing emails used to plant malware on bank computers. Phishing emails, a type of social engineering attack, may purport to be sent from a credible or trusted source, so employees of the bank are more likely to open and/or click on links within the email which can compromise their systems.

Another example of phishing emails resulting in a major hack occurred last week – Syrian hackers took down CNN, Time and the Washington Post by targeting a third-party vendor that supported all three with their ad content network. By sending employees a phishing email that appeared to be from their CEO, the hackers obtained login credentials to their systems, then planted code in articles that somehow redirected them to the Syrian Electronic Army website. Read more in Chain of Trust: Importance of Vetting Third-Party Security.

In that case, it appeared to be an act of hacktivism, or politically/socially motivated hacking. But for banks and other financial institutions, it means they’re losing a lot of money and fast. Staff training can help prevent employees from falling prey to social engineering attacks that can put their companies at serious risk, while partnering with a secure hosting company can give you extra IT security resources at lower costs than employing your own.