Hackers planning massive attacks against U.S. banks, is it possible?

Pierluigi Paganini October 09, 2012

In recent weeks we have witnessed massive DDoS attacks against U.S. financial institutions that demonstrated how disruptive this type of offensive can be.

The scale of those attacks was impressive, given that they overwhelmed the defenses of such large organizations, yet experts believe it is negligible compared to the attack that a group of cybercriminals is now planning.

According to the security firm RSA, 30 American banks might soon be the victims of a devastating attack conducted with malware spread and controlled by around 100 botmasters.

RSA hasn’t clarified how it came into possession of this information; according to the Krebs on Security blog, it captured a series of posts by a Russian hacker known as “vorVzakone” on Underweb forums.

The malware detected by security researchers looks very similar to the Gozi trojan and has been named Gozi Prinimalka because the word “Prinimalka” appears in every URL path used by its authors.
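As an added example (not part of the original article, and not RSA’s or anyone’s production detection), the following Python snippet scans Squid-style proxy log lines for the “Prinimalka” string in the URL path, the naming indicator described above. The hostnames, addresses and log lines are all constructed; the only indicator taken from the article is the word itself. A single string indicator like this is trivially changed by the malware authors, so it is a triage signal for a SOC analyst, not a reliable detection.

```python
from urllib.parse import urlsplit

# Indicator from the article: "Prinimalka" appears in every URL path used by the trojan.
INDICATOR = "prinimalka"

# Constructed Squid-style access.log lines (fields: time elapsed client code/status
# bytes method url ident hierarchy/peer type). All hosts and addresses are made up.
SAMPLE_LOG = """\
1349778000.123    245 10.0.0.15 TCP_MISS/200 5120 GET http://update-host.invalid/prinimalka/config.php - HIER_DIRECT/203.0.113.9 text/html
1349778001.456     12 10.0.0.22 TCP_HIT/200 1024 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.4 text/html
1349778002.789    301 10.0.0.15 TCP_MISS/200 2048 POST http://203.0.113.77/Prinimalka/gate.php - HIER_DIRECT/203.0.113.77 application/octet-stream
1349778003.000     40 10.0.0.31 TCP_MISS/404 512 GET http://www.example.org/search?q=prinimalka - HIER_DIRECT/198.51.100.8 text/html
malformed line that should be skipped
"""


def parse_squid_line(line):
    """Return the client, method and URL of one Squid access.log line, or None."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return {"client": fields[2], "method": fields[5], "url": fields[6]}


def url_path_matches(url, indicator=INDICATOR):
    """True if the indicator occurs in the URL *path* (case-insensitive).

    The query string is deliberately excluded: the article describes the
    string as part of the path, and a search term in a query string would
    otherwise produce a false positive.
    """
    return indicator in urlsplit(url).path.lower()


def find_suspicious_requests(log_text):
    """Return (client, method, url) for every request whose path carries the indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is not None and url_path_matches(rec["url"]):
            hits.append((rec["client"], rec["method"], rec["url"]))
    return hits


def clients_to_triage(log_text):
    """Distinct internal clients that talked to a matching URL, for host triage."""
    return sorted({client for client, _, _ in find_suspicious_requests(log_text)})


if __name__ == "__main__":
    for client, method, url in find_suspicious_requests(SAMPLE_LOG):
        print(f"{client} {method} {url}")
    print("clients to triage:", clients_to_triage(SAMPLE_LOG))
```

Only the path is matched, so the fourth sample line (a search query containing the word) is not flagged, while the two requests from 10.0.0.15 are, and that host is the one to pull for forensic triage.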

According to the investigation, the group of cybercriminals, which calls itself the HangUp Team, has started a recruiting campaign for botmasters. The Gozi trojan was used in the past to steal $5 million from American bank accounts; it belongs to the family of trojans mainly used for banking fraud, like the better-known Zeus. To enable fraudulent wire transfers, the trojan implements the classic Man-in-the-Middle (MiTM) attack.

The way the trojan’s authors intend to involve botmasters is unusual: they will receive only executable files and will be trained individually in the use of the trojan.

In the first days of September, vorVzakone announced the start of an operation he named “Project Blitzkrieg,” which aims to involve other hackers in a massive attack against the U.S. banking sector, which appears vulnerable due to the lack of anti-fraud mechanisms.

“The two factor authentication is not covered since it’s rare in USA,” wrote vorVzakone, who also added, regarding the malware:

“Successful load rate is increased to 80-90%

Success of the transfers – 99%, unless the bank dials through or the holder logs into the account, if the methodology is followed

The development of the system took 4 years of daily work and around $500.000 was spent

Since 2008 by using this product  not less than $5m was transferred just by one team.

The product has no auto-transfer ability (manual operation only)”

Mor Ahuvia, Cybercrime Communications Specialist for RSA FraudAction, declared:

“In a boot camp-style process, accomplice botmasters will be individually selected and trained, thereby becoming entitled to a percentage of the funds they will siphon from victims’ accounts into mule accounts controlled by the gang,”

“To make sure everyone is working hard, each botmaster will select their own ‘investor,’ who will put down the money required to purchase equipment for the operation (servers, laptops) with the incentive of sharing in the illicit profits.”

vorVzakone announced the beginning of his campaign, writing:

“The goal – together, en-masse and simultaneously process large amount of the given material before anti-fraud measures are increased,”

Another interesting part of the attack announced by vorVzakone is the flooding of victims’ phone lines during the robbery, so that they cannot receive confirmation calls or text messages from their banks; the hacker started discussion threads on different forums, posting a video on how to flood telephone services.

RSA Security has alerted financial institutions to the imminent threat and its possible effects; the hope is that the cybercriminals, once they realize they have been discovered, will change their plans.

According to security experts, American banking is particularly exposed to this type of attack due to the lack of proper authentication methods for wire transfers.
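The phone-flooding tactic and the wire-transfer authentication gap described above both come down to one design question: what a bank’s transfer system does when the out-of-band confirmation cannot be completed. The Python model below is an added example, not code from the article or from any bank’s system; the threshold, the alert window, the event format and the customer records are all assumptions. It treats an unreachable customer as a reason to hold a transfer rather than release it, and counts repeated failed confirmations within a short window as an alert in its own right, since that is exactly the pattern a flooded phone line produces.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    """Result of the out-of-band confirmation attempt (call or SMS)."""
    CONFIRMED = "confirmed"
    DECLINED = "declined"
    UNREACHABLE = "unreachable"   # line busy, no answer, SMS unacknowledged


class Decision(Enum):
    RELEASE = "release"
    REJECT = "reject"
    HOLD = "hold"                 # park for manual review; never auto-release


# Assumed policy values (illustrative, not any bank's real thresholds).
CONFIRM_ABOVE = 1000.00          # wires at or above this always need confirmation
FLOOD_ALERT_COUNT = 3            # this many UNREACHABLE results ...
FLOOD_WINDOW_SECONDS = 600       # ... within this window raises an alert


@dataclass(frozen=True)
class ConfirmationEvent:
    """One confirmation attempt; the record layout is an assumption for this example."""
    customer_id: str
    timestamp: int                # epoch seconds
    amount: float
    new_payee: bool
    outcome: Outcome


def decide_wire(amount, new_payee, outcome):
    """Fail-closed decision for a wire transfer.

    Low-value wires to known payees need no confirmation. Everything else is
    released only on an explicit CONFIRMED; an UNREACHABLE customer is held,
    not released, so a jammed phone line can never stand in for consent.
    """
    if amount < CONFIRM_ABOVE and not new_payee:
        return Decision.RELEASE
    if outcome is Outcome.CONFIRMED:
        return Decision.RELEASE
    if outcome is Outcome.DECLINED:
        return Decision.REJECT
    return Decision.HOLD


def flood_suspects(events, count=FLOOD_ALERT_COUNT, window=FLOOD_WINDOW_SECONDS):
    """Customers with `count` or more UNREACHABLE outcomes inside `window` seconds.

    A customer who suddenly cannot be reached while wires are pending is the
    signature of the phone-flooding tactic, so it is surfaced on its own.
    """
    by_customer = {}
    for ev in sorted(events, key=lambda e: e.timestamp):
        if ev.outcome is Outcome.UNREACHABLE:
            by_customer.setdefault(ev.customer_id, []).append(ev.timestamp)
    suspects = []
    for cust, times in by_customer.items():
        for i in range(len(times) - count + 1):
            if times[i + count - 1] - times[i] <= window:
                suspects.append(cust)
                break
    return sorted(suspects)


# Constructed events: customer A is repeatedly unreachable while three large
# wires to a new payee are pending; customer B confirms normally.
SAMPLE_EVENTS = [
    ConfirmationEvent("cust-A", 1_000, 4500.00, True, Outcome.UNREACHABLE),
    ConfirmationEvent("cust-A", 1_120, 4500.00, True, Outcome.UNREACHABLE),
    ConfirmationEvent("cust-A", 1_300, 9900.00, True, Outcome.UNREACHABLE),
    ConfirmationEvent("cust-B", 1_050, 2500.00, False, Outcome.CONFIRMED),
    ConfirmationEvent("cust-B", 5_000, 300.00, False, Outcome.UNREACHABLE),
]


def process(events):
    """Map each event to its decision, in input order."""
    return [decide_wire(e.amount, e.new_payee, e.outcome) for e in events]


if __name__ == "__main__":
    for ev, decision in zip(SAMPLE_EVENTS, process(SAMPLE_EVENTS)):
        print(ev.customer_id, ev.amount, ev.outcome.value, "->", decision.value)
    print("possible phone flooding:", flood_suspects(SAMPLE_EVENTS))
```

The design choice worth noticing is that the unreachable branch is the default, not an exception: a system that releases a wire after a confirmation call times out is the one the attackers in this story are counting on. The flooding alert is a second, independent control, so that the fraud team hears about a customer who has suddenly gone silent even if the individual transfers are still under review.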

What credibility can be given to the story?

Although the threat that such malware poses to the banking world is real, I think this particular case is less concrete. The hacker in question has littered the web with his tracks, posting videos in which his face is recognizable in front of his car with its license plate prominently displayed. vorVzakone flaunts his safety, probably in an attempt to sell his image; recently, it seems, he has been selling an “Insurance from criminal prosecution” service that lets those in his country who are prosecuted for computer crime try to bribe the police … all upon payment of a membership fee to his initiative.

A singular and very strange idea that might really make sense in his context; reality is sometimes stranger than fiction.

What we have to worry about is the organizational model of the attack: on forums in the deep web it is not uncommon to find groups of hackers who exchange information on how to carry out more or less complex frauds … this is the evolution of crime, which seeks to maximize the adoption of technological tools.

How to protect ourselves?

Common sense, awareness of the threat, and demanding that those who manage the services we access provide proper guarantees of their security level.

Specifically, I find it absurd that there are such obvious gaps in the authentication processes of some banks.

Pierluigi Paganini

