Robert (RJ) Jeffries | September 27, 2012
This is an update for those of you following the media reports regarding cyber attacks in the Finance Sector. One of the issues was discussed in our previous blog post on the iC3 Fraud Alert. As a short recap, financial institutions are being targeted by very sophisticated, custom-tailored and individualized attacks.
As part of the attack, banking/finance sector personnel are being targeted with SPAM and other malicious tricks to redirect their browsers to what are likely BlackHole websites. This results in the user's system being infected with malware in the Zeus/Cridex families. In some cases, this leads to attackers gaining near end-to-end control of financial transaction approval systems. Because each attack uses customized malicious sites and custom malware, the end-user detection rates are very low. These kits are literally designed to accomplish their tasks without being detected. Frequent updates to these kits are allowing attackers to continually stay a step or more ahead.
The second issue is the attacks against several banking institution websites. These issues appear to be the result of hacktivist-borne DDoS attacks against notably large banking websites. The indicators for DDoS attack are the sites have all reported 'intermittent slowness and partial loss of connectivity' for significant portions of their client/customer-base. Most recently,JPMorgan Chase, Wells Fargo and Bank of America have all reported breaches where employee and/or customer data was leaked on targeted sites. Unique from the fraud activity noted above, these attacks appear to be motivated by a hacktivist agenda rather than financial theft.
Solutionary continues to work closely with our clients to assist in efforts to mitigate and/or respond to these issues and will provide updates here as appropriate.
See how Solutionary managed security services based on the patented ActiveGuard® service platform combine security intelligence and expertise to provide visibility, threat detection and event response.
POST A COMMENT