DDoS attacks aim for money as well
The conventional wisdom holds that the massive wave of cyber attacks against banks over the past year or so have been so-called APTs, or advanced persistent threats. The idea is that the attackers are likely to be state-sponsored and politically motivated. For that reason, they are assumed to be interested mainly in wreaking havoc and stealing treasured corporate intellectual property as much stealing money.
But several pundits have suggested that the attacks could also be used as cover for old-fashioned cyber crime, that is, efforts to steal cold hard cash. That view has proven to be accurate.
"DDoS attacks are an increasingly popular method for criminals to divert bank security staff attention while defrauding bank systems. Until recently, most illegal money transfers were accomplished via account takeover – of either customer or employee accounts when the fraudsters moved money from customer accounts to their mules and eventually their own accounts," according to a blog post from a Gartner analyst.
"A new much more ominous attack type has emerged over the past few months – and uses DDoS as its cover. Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed."
Gartner says that "considerable financial damage" has already resulted. It suggests that, at a minimum, banks should slow down their money transfers systems while under DDoS attack.
- here's the article