FBI Warns of Coordinated Malware and DDoS Attacks Designed to Drain Bank Accounts

FBI Warns of New Spear Phishing Campaign Using Zeus Variant “Gameover” Malware While Also Launching DDoS Attack

The FBI is warning the public about a cyber-crime ring that not only steals banking credentials but also launches a distributed denial of service (DDoS) attack on the victim’s financial institution as a diversion.

The red herring is the attackers’ way of pulling attention away from illegal wire transfers and rendering the bank unable to reverse the transactions if they are uncovered, according to the advisory from the cyber squad of the FBI’s Denver field office.

“The campaign involves a variant of the ‘Zeus’ malware called ‘Gameover,’” according to the agency. “The spam campaign is pretending to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user there was a problem with the ACH transaction at their bank and it was not processed.

Once they click on the link they are infected with the Zeus or Gameover malware, which is able to key log as well as steal their online banking credentials, defeating several forms of two factor authentication.” Once the accounts are compromised, the DDoS attack is launched.

Due to the actions of hackers associated with Anonymous and other groups, DDoS attacks have gotten a significant amount of media exposure in the past two years. Organizations should have a DDoS response plan in place as part of their security strategy in case they are targeted by the attackers, suggests Mike Paquette, chief strategy officer at Corero Network Security.

“As with all incident response plans, advance preparation is key to rapid and effective action, avoiding an all-hands-on-deck scramble in the face of a DDoS attack,” he said. “A DDoS response plan lists and describes the steps organizations should take if its IT infrastructure is subjected to a DDoS attack…highly capable attackers will switch to different attack sources and alternative attack methods as each new attempt is countered or fails. It is therefore essential the DDoS response plan defines when and how additional mitigation resources are engaged and surveillance tightened.”

The use of DDoS as a diversion as part of a larger attack is something of a surprising turn, but it is also a natural escalation in tactics that may only get worse in the future, opined Kurt Wescoe, vice president of engineering for Wombat Security.

A portion of the wire transfers are being transmitted directly to high-end jewelry stores that are then visited by money mules who pick up jewelry worth whatever amount was stolen, according to the FBI.

“Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches,” the FBI said. “The perpetrators advise they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day, a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule. Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud in time) and the jeweler is out whatever jewels the money mule was able to obtain.”

The FBI in Denver is asking all consumers to be cautious of opening emails from unfamiliar senders.
