Blog Entry #9: Hold on to your wallet.

LINK: http://www.pcworld.com/article/2011307/cybercriminals-plotting-massive-banking-trojan-attack-security-firm-warns.html

            It looks like the assault on U.S. banks will not let up anytime soon. Jaikumar Vijavan writes about a looming attack uncovered by security group RSA. According to RSA, a major campaign is underway to rob online bank accounts of thousands of customers of over 30 major U.S. banks. Information obtained by RSA reveals that the group will use malware called Gozi Prinimalka. This is an updated version of Gozi which caused the loss of millions by U.S. banks a few years back. The malware will “infiltrate computers belonging to U.S. banking customers and use the hijacked machines to initiate fraudulent wire transfers from their accounts.” The scale of this operation is unparalleled, with the criminal organization looking to recruit about 100 botmasters to carry out the Trojan attacks for a share of the stolen money. It is suspected this newest attack will focus on individual consumer accounts rather than going after the banks as a whole. The Trojan being used will trigger when certain words are entered into a URL string. The malware will then create a virtual machine identical to the one infected, allowing the criminals to access banking websites from computers with the same IP address as the infected machines.
            U.S. banks recently fell victim to sustained DDoS attacks which caused websites of several major banks, including JP Morgan Chase, Bank of America, Citigroup and Wells Fargo to be disrupted for a period of time. This most likely already cost the banks millions and further attacks would only raise the amount losses. These attacks are thought to have been initiated by a government body, but a group called "Cyber fighters of Izz ad-din Al qassam" claims to be behind the attack. Banks have been made aware of current and future attacks by the Financial Services Information Sharing and Analysis Center (FS-ISAC), specifically “to watch out for hackers using spam, phishing emails, Remote Access Trojans and keystroke loggers to try and pry loose bank employee usernames and passwords.”
            In order to protect against this it is important that anyone who uses online banking updates their browser and is vigilant in monitoring account activity. No word was given in the article about an exact date, but all signs point to this attack happening sometime this fall.