Bank DDoS Attacks Leveraged to Steal Millions
Gartner's Avivah Litan says low-powered DDoS attacks are being used to divert attention away from fraudulent money transfers.
According to Avivah Litan, vice president and distinguished analyst at Gartner, at least three banks have been hit in the last few months by low-powered DDoS attacks that are intended to divert attention away from fraudulent money transfers being made at the same time (h/t SC Magazine).
Litan told SC Magazine that the attacks "added up to millions [lost] across the three banks."
This is part of a new form of attack that's just emerged over the past few months, according to Litan. "Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it," she wrote in a blog post. "Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed."
As a result, Litan advises banks to implement a policy of slowing down the money transfer system during a DDoS attack -- and, more generally, to deploy a layered fraud prevention and security approach.
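The slow-down policy Litan recommends can be sketched as a gate in front of the transfer queue. This is an added example, not code from Gartner, SC Magazine or any bank; the grace period, delay, type names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values; the article gives none.
GRACE = timedelta(minutes=30)    # stay in slow mode this long after the DDoS ends
SLOW_DELAY = timedelta(hours=2)  # release delay for ordinary transfers in slow mode

@dataclass
class DdosWindow:
    start: datetime
    end: Optional[datetime]      # None while the attack is still in progress

@dataclass
class Transfer:
    tx_id: str
    initiated: datetime
    privileged: bool             # made through a privileged payment-switch account

def in_slow_mode(ts, windows):
    """True if ts falls inside a DDoS window or its grace period."""
    return any(ts >= w.start and (w.end is None or ts <= w.end + GRACE)
               for w in windows)

def decide(t, windows):
    """Return (action, release_time) for one transfer."""
    if not in_slow_mode(t.initiated, windows):
        return ("release", t.initiated)
    if t.privileged:
        # Privileged-account activity on the switch during a DDoS is the
        # pattern the article describes: hold it for manual review.
        return ("hold_for_review", None)
    return ("delay", t.initiated + SLOW_DELAY)

# Constructed sample data, not from any real incident.
WINDOWS = [DdosWindow(datetime(2024, 1, 10, 9, 0), datetime(2024, 1, 10, 11, 0))]
TRANSFERS = [
    Transfer("t1", datetime(2024, 1, 10, 8, 30), False),   # before the attack
    Transfer("t2", datetime(2024, 1, 10, 9, 45), False),   # during the attack
    Transfer("t3", datetime(2024, 1, 10, 10, 5), True),    # privileged, during
    Transfer("t4", datetime(2024, 1, 10, 11, 20), True),   # privileged, in grace
    Transfer("t5", datetime(2024, 1, 10, 12, 0), True),    # after grace period
]

if __name__ == "__main__":
    for t in TRANSFERS:
        print(t.tx_id, *decide(t, WINDOWS))
```

The grace period matters because a diversionary attack can stop before the fraudulent transfers are noticed; an open-ended window (`end=None`) keeps slow mode on until the incident is closed.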