The financial industry must prepare for a “mass fraud campaign” that will target 30 of the United States’ banks by spring 2013, according to a new report.
Less than three months after news surfaced that massive denial-of-service cyber attacks shuttered the websites of some the nation’s most prominent banks, including Bank of America and JPMorgan Chase, a new report from security firm McAfee advises that there is still a “credible threat.”
According to the report, a hacker known as vorVzakone posted on an online Russian forum in September, claiming that a malicious Trojan, under development since 2008, was capable of continued attacks on the U.S. financial industry.
Dubbed Project Blitzkrieg, the hacker alleged that a pilot program using the Trojan had already infected 300 to 500 U.S. victims and successfully stolen $5 million from the system, according to McAfee.
The report suggests vorVzakone has recruited a skilled team of cybercriminals to carry out Project Blitzkrieg and has created a sophisticated system for stealing, transferring and an unprecedented sharing of the pirated funds.
“This attack combines both a technical, innovative backend with the tactics of a successful, organized cybercrime movement,” McAfee threats researcher Ryan Sherstobitoff wrote in the report. “Although Project Blitzkrieg hasn’t yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred.”
Pointing out that investment banks may be at the greatest risk, due in large part to their high-valued accounts, the report goes on to advise the financial industry to pay close attention to future outgoing transactions.
“Coordinated campaigns targeting financial services organizations are not novel, and have been in play since well before 2010,” Sean Bodmer, chief researcher at cyber attack intelligence firm CounterTack told ClearanceJobs in a statement. “What’s new and most interesting is the mass profit sharing model being trumpeted.”
“It would seem that the criminal underground is maturing at a much faster pace than world governments believe,” he added.
Michelle Kincaid is a DC-based public affairs professional specializing in technology policy. She is also creator of the blog CybersecurityNews.org. Follow her on Twitter at @OnCybersecurity.