Respected Gartner analyst Avivah Litan has claimed in a blog post that cyber crooks have used comparatively low level DDoS – distributed denial of service – attacks to confuse and distract financial institution security staffs as fraudulent wire transfers were in motion.
Litan explicitly indicated that these DDoS attacks were unlike the high volume DDoS that in the past year have taken down many U.S. financial institutions including $3.8 billion, Pleasanton Calif.-based Patelco Credit Union and University Federal Credit Union, a $1.5 billion institution in Austin, Texas. No thefts have been associated with these politically motivated attacks.
Regarding the incidents she blogged about, Litan told SC Magazine: “It wasn't the politically motivated groups. It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours."
Litan declined to name the institutions that she said suffered significant losses in these DDoS assaults.
In her recent blog. Litan offered details about how the attack unfolds: “Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.”
She advised institutions that when under a DDoS attack that they “slow” the wire transfer systems.