U.S. banks warned of another attack threat

Russian group promotes 'Project Blitzkrieg' crimeware campaign against 30 banks

By Taylor Armerding, CSO
October 10, 2012 08:24 AM ET

CSO - Just as one type of attack against U.S. banks has subsided, the banks are being warned to get ready for another, called "Project Blitzkrieg," aimed at online theft.

The distributed-denial-of-service (DDoS) attacks that briefly disrupted the online services of a half-dozen major financial institutions late last month -- Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase -- ended abruptly about two weeks ago, even though the group that claimed credit for them had threatened to continue them.

Izz al-Din al-Qassam Cyber Fighters, the military wing of Hamas, the Islamic party that governs the Gaza Strip, had said in a Pastebin message that the attacks would continue until a trailer of the independent film "Innocence of Muslims," which they said insults the prophet Mohammed, was taken off the Internet.

But now, says a blog post by Mor Ahuvia, cybercrime communication specialist at security firm RSA, another wave of attacks is looming, this one aimed at stealing big money.

"A cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign," Ahuvia wrote. "Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date."

RSA said the gang leadership appears to come from Russia, and plans to use a "Gozi-like Trojan" that RSA is calling Gozi Prinimalka. Prinimalka is derived from the Russian word meaning "to receive."

"According to underground chatter, the gang plans to deploy the Trojan in an effort to complete fraudulent wire transfers via Man-In-The-Middle (MiTM) manual session-hijacking scenarios," Ahuvia wrote.

"If successfully launched, the full force of this mega heist may only be felt by targeted banks in a month or two. The spree's longevity, in turn, will depend on how fast banks and their security teams implement countermeasures against the heretofore-secret banking-Trojan," she wrote.

Brian Krebs, who writes the blog KrebsonSecurity, said in a recent post that the RSA analysis "seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets."

But he also said this particular threat could be a hoax -- that there is some suspicion in the cybercrime world that it could be a sting operation by Russian law enforcement, since the announcement has been so public.

Krebs said the threat appears to be coming from a series of posts on Underweb forums by a Russian hacker nicknamed "vorVzakone." His name translates to "thief-in-law," which Krebs said, "in Russia and Eastern Europe refers to an entire subculture of elite criminal gangs that operate beyond the reach of traditional law enforcement. The term is sometimes also used to refer to a single criminal kingpin."
