US banks face 'credible' hacker threat, researchers say

Dec 13, 2012
Dozens of US banks face a "credible" threat from hackers based in Eastern Europe who are planning large-scale attacks next year, a security firm said in a report released Thursday.

The report released by McAfee Labs supports the conclusions of researchers at another security firm, RSA, which first drew attention to the campaign expected to target 30 US banks.

McAfee, owned by Intel, said the so-called Project Blitzkrieg "is a credible threat to the financial industry and appears to be moving forward as planned."

The hackers, who have been traced to servers hosted in Ukraine and led by an individual nicknamed vorVzakone, have already used the malware to steal at least $5 million since 2008, according to McAfee and RSA.

The McAfee report said it sees a real threat in early 2013 despite some speculation in the security community that the project had been dropped after being exposed.

"McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned," McAfee researcher Ryan Sherstobitoff said in the report.

"Some recent reports argue that vorVzakone has called off this attack because it has been made public. Yet it is possible that the publicity may merely drive his activities deeper underground."

McAfee said the attack "combines both a technical, innovative back-end with the tactics of a successful, organized cybercrime movement."

An early "infected at a minimum 300 to 500 victims across the United States," according to McAfee.

Mor Ahuvia of the security firm RSA said in an October blog post that the series of Trojan attacks is set to be carried out by "100 botmasters" taking over control of infected computers.

Ahuvia said the attackers plan to use called "Gozi Prinimalka," which is a term derived from the Russian word meaning "to receive."

Earlier this year, several US banks appeared to be targeted by so-called , which aim to bring down websites by flooding the networks with data requests.

User comments : 8

kochevnik
1.9 / 5 (9) Dec 13, 2012
Isn't Mr. McAfee dodging murder charges? And he's doing security analysis from his hideout?
antialias_physorg
5 / 5 (5) Dec 13, 2012
Isn't Mr. McAfee dodging murder charges? And he's doing security analysis from his hideout?

John McAfee hasn't been active in the company that bears his name since the mid 90's. He currently doesn't even own any shares in it.
Argiod
1.8 / 5 (5) Dec 13, 2012
I would think that the banking industry, worldwide, would address this issue if they want to remain credible safeguards of our wealth. I, for one, no longer trust banks, or any publicly accessible institution, to safeguard my money, data, or ID. With enough people feeling this way, the industry stands to lose a lot of revenue. It is time banks went back to their original goal; to provide a safe place to put our money. As it stands, when your account is hacked, they fine you and make you replace the lost funds. And why? It was explained to me that it is because they (the banks) cannot pursue criminals across international borders; and they have to recover the lost funds from someone; ergo, the depositor is now hit with the insult of being treated like a crook, to the injury of losing our funds.
I used to keep my money in banks to keep from being robbed. Now, when I'm robbed, the bank takes a bit more; and destroys my credit rating. Banks are now co-conspirators in cyber-crimes.
kochevnik
1.6 / 5 (7) Dec 13, 2012
John McAfee hasn't been active in the company that bears his name since the mid 90's. He currently doesn't even own any shares in it.
Then wouldn't a recommendation from Timothy McVeigh or the Unabomber be even more poignant? Nice company the banksters keep. BTW McAfee sucked and only surpassed Symantec. He had to give away his software hoping people would adopt it. Would Germany be proud to rebrand the VW Beetle as Hitler's Car?
antialias_physorg
4.3 / 5 (6) Dec 13, 2012
Then wouldn't a recommendation from Timothy McVeigh or the Unabomber be even more poignant? Nice company the banksters keep. BTW McAfee sucked and only surpassed Symantec. He had to give away his software hoping people would adopt it. Would Germany be proud to rebrand the VW Beetle as Hitler's Car?

Erm...whut?

I would think that the banking industry, worldwide, would address this issue if they want to remain credible safeguards of our wealth.

Since they have a monopoly on that business (and are insured) - they couldn't care less.

It is time banks went back to their original goal; to provide a safe place to put our money.

The notion of a bank came about by taking money from person A and giving it to person B as a loan - and living off the interest. Banks, ideally, don't have any money in them at any time. (Though they are required to have a small fraction of the amount they lend out. We'd all be in big trouble if we all wanted our 'stored money' at the same time)
LuckyBrandon
1 / 5 (1) Dec 14, 2012
@kochevnik - McAfee surpassing Symantec? HA! Not even close... I've done the in-depth testing and seen it with my own eyes.
Caliban
3 / 5 (2) Dec 14, 2012

The notion of a bank came about by taking money from person A and giving it to person B as a loan - and living off the interest. Banks, ideally, don't have any money in them at any time. (Though they are required to have a small fraction of the amount they lend out. We'd all be in big trouble if we all wanted our 'stored money' at the same time)


Not to mention that the banks have made a career of being the "victims".

Regardless of where the threat originates --even if the banks, themselves, are the predators-- it is Public resources that will be expended to combat the threat. "We The People" will pay, with our tax dollars, to deploy the Law Enforcement, Intelligence and Judicial resources necessary to seek out, prosecute, and neutralise the threats --although total eradication or suspension of the threat will always remain impossible, naturally, thereby making the drain upon the Public wallet permanent.

And, of course, the FDIC will cover losses to account holders.

Caliban
1 / 5 (1) Dec 14, 2012
Adding insult to injury, the Banks will launder the misappropriated funds, and charge account holders additional fees to offset the (entirely fictional) costs of heightened anti-cybercrime internal surveillance and lobbying for stronger cybercrime legislation and tougher penalties for cybercriminals, all while their ruthless fleecing of the "Consumer" continues apace.

What a scam.

I find it astonishing that anyone would still have a dime in any of the major Banks after our recent misfortune, when local banks and credit unions offer the same services, far superior customer service, accountability and better rates, with increasingly similar ease-of-use.

But that's ok --go ahead and keep giving your money to the Banks.

Just remember --you get what you pay for.