Thursday, November 15, 2012

Major Banks Biggest Cyberattacks in History

I recently found an article, written by David Goldman of CNN, discussing the denial of service attacks against the following banks: Bank of America, JPMorgan Chase, Wells Fargo, US Bank, and PNC Bank. Security experts say the outages stem from one of the biggest cyber-attacks they've ever seen. These "denial of service" attacks -- huge amounts of traffic directed at a website to make it crash -- were the largest ever recorded by a wide margin, according to two researchers (Goldman, 2012). These same banks have a great deal of defenses built to prevent such attacks, but Goldman says this time they were outgunned.

"The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."  To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase's Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday.

Goldman writes that denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites. That level of pre-planning is a deviation from the kinds of denial of service attacks launched at banks in the past by so-called "hacktivists." Typically, hacktivists use home PCs infected with malware to amass their botnets. Attacks on this scale would be impossible to carry out with home PCs -- users too frequently turn them off or disconnect them from the Internet.



Cited:
Goldman, David. (2012). CNN: Major Banks hit with biggest cyber-attacks in history. Retrieved at: http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/index.html

Wednesday, November 7, 2012

Top 5 Deadliest Mobile Malware Threats Of 2012

Not long ago, we discussed threats to mobile devices and networks.  Brian Prince, contributing writer of Dark Reading, has reviewed the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012.

1. FakeInst SMS Trojan and its variants
"FakeInst disguises itself as popular apps like Instagram, Opera Browser, [and] Skype, and sends SMS messages to premium-rate numbers," says Jerry Yang, vice president of engineering at mobile security firm TrustGo.

"It is selected because it has been widely infected. There are many variants in the FakeInst family, such as RuWapFraud, Depositmobi, Opfake, and JiFake," Yang says. "Sixty percent of total Android malware we found belong to the FakeInst family. Geographically, it mainly exists in Russia. There are also samples found from all over the world."

2. SMSZombie
Also on the list is SMSZombie, which was recently spotted in third-party markets in China and has infected more than 500,000 devices in the past few weeks. The malware works by sending SMS messages to China Mobile's online payment system and "top-up designated accounts," Yang explains.

Once installed, it obtains Device Admin privileges and is very difficult to remove, prompting TrustGo to publish details of a manual removal process on its blog.

"We expect more Android malware will adopt similar techniques to protect themselves," he says.

3. NotCompatible
Discovered by Lookout Mobile Security in April, NotCompatible is the first piece of mobile malware that used websites as a targeted distribution method, notes Derek Halliday, lead security product manager at Lookout.

"NotCompatible is automatically downloaded when an Android browser visits an infected website," he says. "The downloaded application is disguised as a security update in an attempt to convince the user to install it."

If it is successfully installed, NotCompatible can potentially be used to gain access to private networks by turning an infected Android device into a network proxy, and can be used to gain access to protected information or systems, Halliday says.

4. Android.Bmaster
Bundled in with legitimate applications, Android.Bmaster was spotted on a third-party Android app market earlier this year. The majority of the infected victims were Chinese users. Once on the device, the malware swiped sensitive data from the phone, including the Cell ID, location area code, and IMEI (International Mobile Equipment Identity) number, and caused users to send SMS messages to premium numbers.

"Analysis of Android.Bmaster's command-and-control servers indicate the total number of infected devices connected to the botnet over its entire life span numbered in the hundreds of thousands," says Kevin Haley, director of Symantec Security Response. "The number of infected devices able to generate revenue on any given day ranged from 10,000 to 30,000, enough to potentially net the botmaster millions of dollars annually if the infection rates are sustained."

5. LuckyCat
LuckyCat was the name given to a campaign of targeted attacks that struck the aerospace and energy industries in Japan as well as Tibetan activists and others. To broaden their reach, the perpetrators have brought the campaign to the Android platform.

Once installed, the application displays a black icon with the text "testService," and opens a backdoor on the device to steal information.


With the direction mobile devices are going, this is one of the largest issues facing both private and corporate consumers in the world today.

Cited:
Prince, Brian. (2012). Dark Reading: Top 5 Deadliest Mobile Malware Threats of 2012.  Retrieved at: http://www.darkreading.com/mobile-security/167901113/security/news/240006056/top-5-deadliest-mobile-malware-threats-of-2012.html