This "Massive" Cybersecurity Attack Targets Your Money
Source: http://feeds.moneymorning.com/~r/moneymorning/jOLe/~3/foBYS17ESmc/Posted on Friday, December 14th, 2012 | In Uncategorized
Contributed by: Money Morning (http://moneymorning.com) -
Even though the group had announced the attack in advance, major banks, including Bank of America Corp. (NYSE: BAC), US Bancorp (NYSE: USB) and PNC Financial Services (NYSE: PNC) found their Websites flooding with junk data, preventing their customers from accessing their accounts and conducting business. Some banks were unable to use their Websites for a few hours, others, for an entire day.
The Cyber Fighters announced new attacks to take place this week.
Although it has not been proven, it is thought that the Cyber Fighters of Izz ad-Din al-Qassam are sponsored by the government of Iran.
Late last month, Arbor Networks, a network security company, warned of an "Armageddon attack" in which the amount of data used in a DDoS attack could "not only overwhelm the end victim but also all the Internet providers in between," Carlos Morales,VP for global sales engineering and operations, told InformationWeek Security.
"What's alarming is that even though the attackers announced the exact date and time that they would be launching their attacks, as well as their targets, the targeted financial institutions were unable to prevent their websites from being disrupted," InformationWeek Security wrote, referring to the denial of service attacks on U.S. banks in September.
"Bank officials and DDoS experts have both said that the sheer scale of the attacks was to blame. Attackers had apparently compromised servers - most likely at service providers -that were able to support high-bandwidth attacks. Together with blended attack techniques, attackers overwhelmed every one of their targets."
It has become progressively easier to launch massive DDoS attacks using either compromised high-bandwidth servers or botnets-millions of "zombie" PCs that have been infected with malware so that they respond to commands from a remote hacker.
"The attack volumes theoretically now available would make it possible for attackers to disrupt not just their targets, but every service provider in between," InformationWeek Securitywrote.
"Service providers have a lot of bandwidth throughout their network, but there are limits to how much traffic they can handle," Morales told InformationWeek Security. "Attacks of that magnitude described would have profound effect on the Internet as a whole, exploiting bottlenecks in many places simultaneously. No single service provider, even the largest tier ones, would be able to handle all this traffic without adversely affecting their user base."
This has the government worried.
Fortunately, September's DDoS attacks on American banks failed to disrupt the banks' shared infrastructure.
John M. "Mike" McConnell, the former U.S. director of national intelligence and current vice chairman of Booz Allen Hamilton, told the Bloomberg Link Enterprise Risk Conference, "If the DDoS broke into the clearing banks and froze their systems, the global financial markets would freeze," which could cause financial panic, such as a run on banks and wild swings in the financial markets.
In an interview with the Financial Times on Dec. 2, McConnell said, "We have had our 9/11 warning. Are we going to wait for the cyber equivalent of the collapse of the World Trade Centers?" McConnell continued, "All of a sudden, the power doesn't work, there's no way you can get money, you can't get out of town, you can't get online, and banking, as a function to make the world work, starts to not be reliable. Now, that is a cyber Pearl Harbor, and it is achievable."
Related Articles and News:
Tags: computer security attacks, cyber security risk, cybersecurity, cybersecurity attack, cybersecurity in 2013, government cyber security, threats cyber security, top cyber threats, top security attacks, types of cyber security attacks
If you haven't yet been the victim of a cybersecurity attack, you might be soon depending on what bank you use.
Computer security firm McAfee issued a report yesterday (Thursday) alleging a "massive cyberattack" was being planned for next spring.
According to CNNMoney, a gang of criminals headed by a Russian cyber mafia chief known as NSD had developed a powerful "Trojan Horse" program designed to take money out of victims' bank accounts and channel it into their own.
The plan, called "Project Blitzkrieg," was aimed at 30 U.S. financial institutions, including online payment company PayPal, and was based on a malware program that would clone an account holder's computer to make it look like the accounts were being accessed from the owner's home computer, avoiding security questions that would deny the criminals access to the accounts. The idea was to then access thousands of accounts simultaneously to take out small amounts of cash from each one that would total millions of dollars.
Project Blitzkrieg first came to light when notices were posted on hacker Websites looking for hackers to join the group planning the attack. They offered a share of the loot for service.
Once the plan was discovered, it seems to have "gone dark."
It is impossible to know if Project Blitzkrieg has been cancelled or whether it is proceeding under much tighter security but security companies, including McAfee, have been working with banks to bolster their security.
Computer security firm McAfee issued a report yesterday (Thursday) alleging a "massive cyberattack" was being planned for next spring.
According to CNNMoney, a gang of criminals headed by a Russian cyber mafia chief known as NSD had developed a powerful "Trojan Horse" program designed to take money out of victims' bank accounts and channel it into their own.
The plan, called "Project Blitzkrieg," was aimed at 30 U.S. financial institutions, including online payment company PayPal, and was based on a malware program that would clone an account holder's computer to make it look like the accounts were being accessed from the owner's home computer, avoiding security questions that would deny the criminals access to the accounts. The idea was to then access thousands of accounts simultaneously to take out small amounts of cash from each one that would total millions of dollars.
Project Blitzkrieg first came to light when notices were posted on hacker Websites looking for hackers to join the group planning the attack. They offered a share of the loot for service.
Once the plan was discovered, it seems to have "gone dark."
It is impossible to know if Project Blitzkrieg has been cancelled or whether it is proceeding under much tighter security but security companies, including McAfee, have been working with banks to bolster their security.
The Latest Cybersecurity Threat
In September, an Iranian hacker group calling itself Cyber Fighters of Izz ad-Din al-Qassam announced it would launch a "distributed denial of service" (DDoS) attack on major U.S. banks.Even though the group had announced the attack in advance, major banks, including Bank of America Corp. (NYSE: BAC), US Bancorp (NYSE: USB) and PNC Financial Services (NYSE: PNC) found their Websites flooding with junk data, preventing their customers from accessing their accounts and conducting business. Some banks were unable to use their Websites for a few hours, others, for an entire day.
The Cyber Fighters announced new attacks to take place this week.
Although it has not been proven, it is thought that the Cyber Fighters of Izz ad-Din al-Qassam are sponsored by the government of Iran.
Late last month, Arbor Networks, a network security company, warned of an "Armageddon attack" in which the amount of data used in a DDoS attack could "not only overwhelm the end victim but also all the Internet providers in between," Carlos Morales,VP for global sales engineering and operations, told InformationWeek Security.
"What's alarming is that even though the attackers announced the exact date and time that they would be launching their attacks, as well as their targets, the targeted financial institutions were unable to prevent their websites from being disrupted," InformationWeek Security wrote, referring to the denial of service attacks on U.S. banks in September.
"Bank officials and DDoS experts have both said that the sheer scale of the attacks was to blame. Attackers had apparently compromised servers - most likely at service providers -that were able to support high-bandwidth attacks. Together with blended attack techniques, attackers overwhelmed every one of their targets."
It has become progressively easier to launch massive DDoS attacks using either compromised high-bandwidth servers or botnets-millions of "zombie" PCs that have been infected with malware so that they respond to commands from a remote hacker.
"The attack volumes theoretically now available would make it possible for attackers to disrupt not just their targets, but every service provider in between," InformationWeek Securitywrote.
"Service providers have a lot of bandwidth throughout their network, but there are limits to how much traffic they can handle," Morales told InformationWeek Security. "Attacks of that magnitude described would have profound effect on the Internet as a whole, exploiting bottlenecks in many places simultaneously. No single service provider, even the largest tier ones, would be able to handle all this traffic without adversely affecting their user base."
This has the government worried.
Cybersecurity in 2013
U.S. Secretary of Defense Leon Panetta has said publicly that he is concerned that not only banks but critical American infrastructure is vulnerable to this type of massive DDoS attack.Fortunately, September's DDoS attacks on American banks failed to disrupt the banks' shared infrastructure.
John M. "Mike" McConnell, the former U.S. director of national intelligence and current vice chairman of Booz Allen Hamilton, told the Bloomberg Link Enterprise Risk Conference, "If the DDoS broke into the clearing banks and froze their systems, the global financial markets would freeze," which could cause financial panic, such as a run on banks and wild swings in the financial markets.
In an interview with the Financial Times on Dec. 2, McConnell said, "We have had our 9/11 warning. Are we going to wait for the cyber equivalent of the collapse of the World Trade Centers?" McConnell continued, "All of a sudden, the power doesn't work, there's no way you can get money, you can't get out of town, you can't get online, and banking, as a function to make the world work, starts to not be reliable. Now, that is a cyber Pearl Harbor, and it is achievable."
Related Articles and News:
- Money Morning:
Cybersecurity Companies Gear Up for Huge Role in 2013 - Financial Times:
Former US spy chief warns on cybersecurity - CNNMoney:
Massive bank cyberattack planned - Bloomberg Businessweek:
Threatened Cyber Attack on Banks `Credible,' McAfee Says - Wall Street & Technology:
Can Banks Prevent the Next Cyber Attack? - InformationWeek Security:
Bank DDoS Strikes Could Presage Armageddon Attacks
Tags: computer security attacks, cyber security risk, cybersecurity, cybersecurity attack, cybersecurity in 2013, government cyber security, threats cyber security, top cyber threats, top security attacks, types of cyber security attacks
About Money Morning (http://moneymorning.com)
Money Moves the Markets; Money Morning Lets You Move First We’re in the midst of the greatest investing boom in almost 60 years. And rest assured - this boom is not about to end anytime soon. You see, the “flattening of the world” continues to spawn new markets worth trillions of dollars; new customers that measure in the billions; an insatiable global demand for basic resources that’s growing exponentially ; and a technological revolution even in the most distant markets on the planet. The bottom line is this: With U.S. influence slipping, and the dollar declining as well, investors who think too narrowly about this transformation will face years of meager returns. But those who embrace this new global reality can make themselves very wealthy. # Over the next 25 years, America’s share of the worldwide economic pie will slip from 28% to 24%… # Even as Asia’s share almost doubles ;which means it will account for a whopping 55% of the global economy by 2030. The big brokerage firms are making a killing on the global boom. Yet Wall Street reserves the timeliest information - and the best profit opportunities - for its partners or wealthiest clients. And the Securities and Exchange Commission doesn’t help the everyday investor much either. The second sad fact is this: While you can buy any U.S. or Canadian stock you want, the SEC prohibits you from purchasing many of the available international stocks. The reason: Foreign companies that haven’t registered with the SEC are off-limits to most U.S. individual investors. Our worldwide research staff includes former investment bankers, international financiers, emerging markets specialists and veteran financial journalists. Our experts know that certain capital flows essentially act as a “leading indicator” of future profit opportunities. These are opportunities that you won’t be reading or hearing about anywhere else. Each weekday morning, in a readable style you can digest in just a few minutes, you will reap the benefits of our research and expert experiences. Indeed, Money Morning will bring you: # The latest reports on China, Japan, Emerging Europe, and the other global hot spots where most investor wealth will be created in the months and years to come… # Reports on companies you’ve likely never heard of - even though they’re poised to sell billions worth of their wares to “new middle class” customers around the world… # Information on the U.S. companies shrewd enough to cash in on this boom in global; # The latest developments in banking, interest rates, foreign investment and other global investing topics; # Advice on how to invest in currencies, precious metals, commodities and energy # Inside news on the hottest investments, including water, uranium and private equity… # And news on rules and regulations, financial trends and strategies - and any other “market intelligence” that you will need to become a shrewd-and-successful investor in the greatest global investing boom most of us will ever see. Money does move markets. But Money Morning lets you move first. |
No recommendations, either expressed or implied, are being made to buy, sell, hold or short any of the mentioned stocks. No legal, tax or accounting advice is expressed or implied. Always contact your attorney, CPA, or tax advisor before acting on any legal or tax issues. StraightStocks.com is not responsible for the content, products, or services of any of the advertisers on this site. StraightStocks.com receives compensation from advertisers on this blog. Services and products referred to herein are trademarks, registered trademarks, servicemarks, and/or registered servicemarks of their respective trademark or servicemark owners.