DDoS attacks divert security personnel, used to hide bank theft

Denial-of-service (DDoS) attacks can bring down an internet network for hours, preventing its users from accessing a particular service altogether. Although the motives behind these type of attacks vary, analyst Avivah Litan of Gartner says that in recent months, criminals have been using such methods to divert the attention of a bank's security team while they quietly conduct fraudulent wire transfers.

Litan has noticed three US banks that have been the victims of such crimes, but has chosen not to disclose their identities to the public. She did, however, mention that the slew of DDoS attacks that brought down several banks over the winter months are unrelated incidents. These include the downed webpages of JP Morgan, Wells Fargo, Bank of America, Chase, Citigroup, and HSBC, among others.

To successfully mask their theft, the criminals make sure that the website isn't downed for too long a time; the last thing they want to do is attract any extra attention. "It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours," explained Litan, who is an expert in financial fraud.

Once the DDoS attack has been deployed, the cybercrooks gain access to the master payment switch via an employee's privileged account. This is not to say that it requires a corrupt bank employee to pull off the heist; traditionally, their login credentials are stolen. With the master payment switch under control, they aren't restricted to accessing just one account at a time; they can transfer money from multiple accounts simultaneously.

To protect themselves, Litan offered up some advice to bank managers. "One rule that banks should institute is to slow down the money transfer system while under a DDoS attack," she explained. "More generally, a layered fraud prevention and security approach is warranted."

Most importantly, bank institutions need to take these issues seriously and learn from past victims. After all, using DDoS attacks to hide malicious activity isn't exactly a new approach. Back in April, the Dell SecureWorks Counter Threat Unit released a report detailing a popular DDoS toolkit known as Dirt Jumper. Retailing for just $200, the Dirt Jumper acts as an effective mask and is already responsible for nearly $2.1 million in stolen funds.