McAfee warned of this months ago, and their predictions are coming true. U.S. Banks are under attack. As are some cloud providers, for that matter. The attacks are more massive and organized than ever before. An article in CNet News on December 13, 2012 revealed that a report released by McAfee Labs predicted an impending attack on U.S. financial institutions — dubbed Project Blitzkrieg — was a “credible threat.”
Project Blitzkrieg is believed to be headed by an individual known as vorVzakone, according to McAfee. In September, vorVzakone announced a massive fraud campaign to be launched against 30 U.S. banks in spring 2013. VorVzakone also put out a call to arms for fellow hackers to join his cause. The attacks are said to be done with a highly developed Trojan that could infect victims’ computers, plant software, and allow cybercriminals to steal information and money.
Rather than being a sweeping attack, McAfee said the campaign will selectively target accounts at investment banks, consumer banks, and credit unions. Going after selected groups makes it easier for vorVzakone to stay under the radar and not be detected by network defenses, according to McAfee.
The attack was to expected to hit hard in Spring, 2013. But it looks like plans have moved up a bit. And are not being executed as predicted. A January 10, 2013 article in the Philadelphia Business Journal carried the title “PNC, Wells Fargo Cyberattacks Work of Iran, U.S. Believes. “ The real story is based on a January 8, 2013 article in the New York Times entitled “Bank Hacking Was the Work of Iranians, Officials Say“:
But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.
The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States.
Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.
A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters has claimed in online posts that it was responsible for the attacks. . . . But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems.
Iranian officials emphatically deny any connection with the attacks. However, the attackers allegedly stated last week that they had no intention of halting their campaign. “Officials of American banks must expect our massive attacks,” they wrote. “From now on, none of the U.S. banks will be safe.”
I don’t know what I believe about who or what is behind these attacks. I do believe that the threat, no matter the source, is very real. Thus far there has been no theft; simply a consistent disabling of the bank’s abilities to service online customers. However, I have no doubt that this is camouflage designed to distract security professionals from the eventual real consequences of these attacks, which has the potential to create havoc with assets of individuals and businesses.
What do you need to do?
- Be mindful of the insurance limits which apply to all of your combined accounts. (Excluding IOLTA. See “Unlimited FDIC Insurance on IOLTA Accounts Due to Expire” for further details about this issue.)
- Make sure that you are not dependent on online banking for essential transactions. Even if you do your deposits and bill paying remotely, have good old-fashioned deposit slips and checks handy.
- Be sure you print out your monthly statements if you do electronic review. You may need to access your information quickly at a time when your financial institution is trying to clean up a mess. Those with an audit trail of their own will always fare better.
- Be careful about where you conduct your business. Never log onto your secure encrypted accounts from a public computer, or over a public WiFi connection.
- If you don’t have a password on your smartphone, netbook and/or tablet, put one on immediately. Yes, I know it’s a pain that after 3 – 10 minutes of idle time you have to put in a password to resume work. On the other hand, no one can pick up your device when you’re not looking, and find your autologin information for your bank!
- Be especially wary of any so-called email communications from your banking institutions asking you to logon and reset your password, enter your SSN, or other sensitive information, and especially if they provide you with a link to do so. Verify the legitimacy of the request by calling the institution on the phone before clicking on the link. Nowadays sophisticated fraudsters create web sites that are so close to the real thing it can fool most people into entering sensitive information.
These are just a few quick thoughts to get this issue on your personal radar screen. I encourage you to add your thoughts in terms of what we need to do to protect our firms, ourselves, and our clients.