
SecurityWeek


FBI Warns of Coordinated Malware and DDoS Attacks Designed to Drain Bank Accounts

FBI Warns of New Spear Phishing Campaign Using Zeus Variant “Gameover” Malware While Also Launching DDoS Attack

The FBI is warning the public about a cyber-crime ring that not only steals banking credentials but also launches a distributed denial of service (DDoS) attack on the victim’s financial institution as a diversion.


The red herring is the attackers’ way of pulling attention away from illegal wire transfers and rendering the bank unable to reverse the transactions if they are uncovered, according to the advisory from the cyber squad of the FBI’s Denver field office.

“The campaign involves a variant of the ‘Zeus’ malware called ‘Gameover,’” according to the agency. “The spam campaign is pretending to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user there was a problem with the ACH transaction at their bank and it was not processed.

“Once they click on the link they are infected with the Zeus or Gameover malware, which is able to key log as well as steal their online banking credentials, defeating several forms of two factor authentication.”

Once the accounts are compromised, the DDoS attack is launched. Due to the actions of hackers associated with Anonymous and other groups, DDoS attacks have gotten a significant amount of media exposure in the past two years.

Organizations should have a DDoS response plan in place as part of their security strategy in case they are targeted by the attackers, suggests Mike Paquette, chief strategy officer at Corero Network Security.

“As with all incident response plans, advance preparation is key to rapid and effective action, avoiding an all-hands-on-deck scramble in the face of a DDoS attack,” he said. “A DDoS response plan lists and describes the steps organizations should take if its IT infrastructure is subjected to a DDoS attack…highly capable attackers will switch to different attack sources and alternative attack methods as each new attempt is countered or fails. It is therefore essential the DDoS response plan defines when and how additional mitigation resources are engaged and surveillance tightened.”

The use of DDoS as a diversion as part of a larger attack is something of a surprising turn, but it is also a natural escalation in tactics that may only get worse in the future, opined Kurt Wescoe, vice president of engineering for Wombat Security.

A portion of the wire transfers are being transmitted directly to high-end jewelry stores that are then visited by money mules who pick up jewelry worth whatever amount was stolen, according to the FBI.

“Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches,” the FBI said. “The perpetrators advise they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day, a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as ‘pending’ and releases the merchandise to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud in time) and the jeweler is out whatever jewels the money mule was able to obtain.”

The FBI in Denver is asking all consumers to be cautious of opening emails from unfamiliar senders.
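
For a financial institution, the diversion pattern described in the advisory points to one monitoring step: treat outbound wires initiated around a DDoS event as higher risk and hold them for out-of-band confirmation. The Python below is an added example, not part of the FBI advisory or the original article; the record fields, time margins and amount threshold are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: one DDoS alert window from network monitoring
# and five outbound wires from the payments system.
DDOS_WINDOWS = [(datetime(2020, 1, 1, 14, 0), datetime(2020, 1, 1, 19, 30))]
WIRES = [
    {"id": "W1", "amount": 950.0, "payee_seen_before": True,
     "initiated": datetime(2020, 1, 1, 9, 15)},
    {"id": "W2", "amount": 48000.0, "payee_seen_before": False,
     "initiated": datetime(2020, 1, 1, 13, 20)},
    {"id": "W3", "amount": 1200.0, "payee_seen_before": True,
     "initiated": datetime(2020, 1, 1, 15, 5)},
    {"id": "W4", "amount": 7500.0, "payee_seen_before": True,
     "initiated": datetime(2020, 1, 1, 19, 50)},
    {"id": "W5", "amount": 30000.0, "payee_seen_before": False,
     "initiated": datetime(2020, 1, 1, 22, 0)},
]

# Assumed margins: the advisory says the DDoS starts after the accounts are
# compromised, so wires sent shortly before the flood are also in scope.
LOOKBACK = timedelta(hours=2)
LOOKAHEAD = timedelta(hours=1)


def in_diversion_window(ts, windows, lookback=LOOKBACK, lookahead=LOOKAHEAD):
    """True if ts falls inside any DDoS window widened by the margins."""
    return any(start - lookback <= ts <= end + lookahead
               for start, end in windows)


def wires_to_hold(wires, windows, amount_floor=5000.0):
    """Return IDs of wires to hold for out-of-band customer confirmation."""
    held = []
    for wire in wires:
        if not in_diversion_window(wire["initiated"], windows):
            continue  # outside the window, normal fraud controls apply
        # Inside the window, a first-time payee or a large amount is enough.
        if not wire["payee_seen_before"] or wire["amount"] >= amount_floor:
            held.append(wire["id"])
    return held


if __name__ == "__main__":
    print(wires_to_hold(WIRES, DDOS_WINDOWS))
```

Holding these wires before release matters because, as the advisory notes, the DDoS is intended to leave the bank unable to reverse the transactions afterwards.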
