Security researchers have previously highlighted the growing trend of using DDoS attacks to hide fraudulent activity at banks. "More generally, a layered fraud prevention and security approach is warranted." "One rule that banks should institute is to slow down the money transfer system while under a DDoS attack," she wrote.
Litan, an expert in financial fraud and banking security, did not describe how attackers gained access to the wire payment switch at banks, but she offered banks advice on how they might better protect themselves. "Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed." "Once the DDoS is underway, this attack involves takeover of the payment switch (eg, wire application) itself via a privileged user account that has access to it," she wrote.
Litan described the attack method in a blog post last week that warned banks' losses could have been much greater. "It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours." "It wasn't the politically motivated groups," she said. She declined to name the institutions affected but said the attacks appeared unrelated to the wave of DDoS attacks last winter and spring that took down Web sites belonging to JP Morgan, Wells Fargo, Bank of America, Chase, Citigroup, HSBC, and others. Distributed denial of service attacks have been used to divert security personnel attention while millions of dollars were stolen from banks, according to a security researcher. At least three US banks in recent months have been plundered by fraudulent wire transfers while hackers deployed "low powered" DDoS attacks to mask their theft, Avivah Litan, an analyst at research firm Gartner, told.