It could be the largest coordinated attack American financial institutions have ever seen

Oct 5, 2012 13:39 GMT  ·  By

The distributed denial-of-service (DDoS) attacks recently experienced by a handful of US financial institutions are nothing compared to what a group of cybercriminals is planning. RSA has learned that 30 American banks might soon become the targets of Trojan-driven fraud sustained by around 100 botmasters.

The cybercriminal gang that came up with the idea - HangUp Team or an affiliated collective - has started recruiting botmasters and plans to carry out the operation with a rarely seen Trojan that resembles Gozi. Because the word Prinimalka appears in every URL path used by this particular group's infrastructure, researchers dubbed the malware Gozi Prinimalka.
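The one indicator the report gives is that string in the URL path. The following Python script is an added example, not RSA's code or anything published by the researchers: it scans Squid-style proxy access log lines (constructed here, not real traffic) and groups by client the requests whose URL path contains "prinimalka", case-insensitively. The log format, the hostnames and IPs are all assumptions for the example; the indicator is deliberately matched on the path only, as the page describes it, so a hostname that merely contains the word is not flagged.

```python
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import urlsplit

# Indicator from the RSA write-up: "Prinimalka" appears in every URL path
# used by this group's command-and-control infrastructure.
INDICATOR = "prinimalka"

# Squid-style access log lines, constructed for this example (not real traffic).
# Fields: timestamp, elapsed ms, client IP, result code, bytes, method, URL, ...
SAMPLE_LOG = """\
1349440000.123    45 10.0.0.12 TCP_MISS/200 812 GET http://203.0.113.5/prinimalka/gate.php - HIER_DIRECT/203.0.113.5 text/html
1349440001.456    12 10.0.0.17 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1349440002.789    33 10.0.0.12 TCP_MISS/200 301 POST http://203.0.113.5/Prinimalka/cmd.php?id=7 - HIER_DIRECT/203.0.113.5 text/plain
1349440003.012    20 10.0.0.21 TCP_MISS/200 2048 GET http://prinimalka.example.net/static/logo.png - HIER_DIRECT/198.51.100.9 image/png
"""

# Pulls the timestamp, client IP, method and URL out of one Squid access line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def path_matches(url: str) -> bool:
    """True if the URL *path* contains the indicator.

    The host and query string are ignored on purpose: the report describes the
    string as part of the path, so a hostname containing it is not a hit here.
    """
    path = urlsplit(url).path
    return INDICATOR in path.lower()


def hunt(log_text: str) -> Dict[str, List[str]]:
    """Return {client_ip: [matching URLs]} for every request whose path matches."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse (blank, malformed, truncated)
        if path_matches(m["url"]):
            hits[m["client"]].append(m["url"])
    return dict(hits)


if __name__ == "__main__":
    for client, urls in hunt(SAMPLE_LOG).items():
        print(client)
        for u in urls:
            print("   ", u)
```

Run on the sample, only 10.0.0.12 is reported, with both of its requests; the request to the host named prinimalka.example.net is not, because the indicator is not in its path. A string in a URL is a weak indicator that the operators can change at any time, so treat a hit as a lead to pull the host's process and network activity, not as proof of infection, and do not assume a clean scan means the Trojan is absent.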

Although it is not widely known, the Trojan has already been used to steal around $5 million (4 million EUR) from American bank accounts.

According to experts, American banks are the target of this campaign because, unlike most European banks, they do not require two-factor authentication when customers perform wire transfers, so credentials captured by the Trojan are enough to move money.

Since the Gozi Prinimalka Trojan is privately operated and its owners want it to remain that way, the botmasters taking part in the scheme will most likely receive only executable files, not the compiler used to build them.

“In a boot camp-style process, accomplice botmasters will be individually selected and trained, thereby becoming entitled to a percentage of the funds they will siphon from victims’ accounts into mule accounts controlled by the gang,” Cybercrime Communications Specialist for RSA FraudAction, Mor Ahuvia, wrote.

“To make sure everyone is working hard, each botmaster will select their own ‘investor,’ who will put down the money required to purchase equipment for the operation (servers, laptops) with the incentive of sharing in the illicit profits.”

RSA has issued a warning for all organizations to take note of this and prepare their networks accordingly. The fact that the plan is now public might discourage the attackers somewhat, but that does not mean they will give up; they might simply change the attack vector.

In any case, if the plans materialize, this may become the largest coordinated attack US financial institutions have ever witnessed.