Hackers planning massive attacks against U.S. banks, is it possible?

Pierluigi Paganini October 09, 2012

In recent weeks we have witnessed massive DDoS attacks against U.S. financial institutions, which demonstrated how disruptive this type of offensive can be.

The scale of those attacks was impressive, considering that they overwhelmed the defenses of such large organizations, yet experts believe they are negligible compared to the attack that a group of cybercriminals is now planning.

According to the security firm RSA, 30 American banks might soon be the victims of a devastating attack carried out with malware spread and controlled by around 100 botmasters.

RSA has not clarified how it came into possession of this information; according to the Krebs on Security blog, it captured a series of posts by a Russian hacker, "vorVzakone", on underground forums.

The malware detected by security researchers looks very similar to the Gozi trojan and has been named Gozi Prinimalka, since the word "Prinimalka" appears in every URL path used by the authors.

The group of cybercriminals, which calls itself the HangUp Team, has according to the investigation started a recruiting campaign for botmasters. The Gozi trojan was used in the past to steal $5 million from American bank accounts; like the more famous Zeus, it belongs to the family of trojans used mainly for banking fraud. To enable fraudulent wire transfers the trojan carries out a classic man-in-the-middle (MiTM) attack from inside the infected browser: it can rewrite the transaction data after the victim has legitimately logged in, so a one-time code that only protects the login does not stop it.

The way the trojan's authors intend to involve botmasters is unusual: the botmasters will receive only executable files, not the source code, and will be trained individually in the use of the trojan.

In the first days of September, vorVzakone announced the start of an operation he named "Project Blitzkrieg", intended to involve other hackers in a massive attack against the U.S. banking sector, which appears vulnerable because of the lack of anti-fraud mechanisms.

“The two factor authentication is not covered since it’s rare in USA.” wrote vorVzakone, who also added, about the malware:

“Successful load rate is increased to 80-90%

Success of the transfers – 99%, unless the bank dials through or the holder logs into the account, if the methodology is followed

The development of the system took 4 years of daily work and around $500,000 was spent

Since 2008 by using this product not less than $5m was transferred just by one team.

The product has no auto-transfer ability (manual operation only)”

Mor Ahuvia, Cybercrime Communications Specialist for RSA FraudAction, declared:

“In a boot camp-style process, accomplice botmasters will be individually selected and trained, thereby becoming entitled to a percentage of the funds they will siphon from victims’ accounts into mule accounts controlled by the gang,”

“To make sure everyone is working hard, each botmaster will select their own ‘investor,’ who will put down the money required to purchase equipment for the operation (servers, laptops) with the incentive of sharing in the illicit profits.”

vorVzakone announced the start of his campaign, writing:

“The goal – together, en-masse and simultaneously process large amount of the given material before anti-fraud measures are increased,”

Another interesting part of the attack announced by vorVzakone is the flooding of victims' phone lines during the robbery, so that they cannot receive confirmation calls or text messages from their banks; the hacker started discussion threads on different forums and posted a video on how to flood telephone services.

RSA has alerted financial institutions to the imminent threat and its possible effects; the hope is that the cybercriminals, once they realize they have been discovered, will change their plans.

According to security experts, the American banking sector is the most exposed to this type of attack because of the lack of proper authentication methods for wire transfers: a code that only proves the customer logged in does nothing against a trojan that alters the transfer after login, whereas a confirmation bound to the amount and the beneficiary of each transaction, computed or displayed on a device the trojan does not control, is far harder to abuse.

What credibility can be given to the story?

Although the threat that this kind of malware poses to the banking world is real, I think this particular case is less credible. The hacker in question has littered the web with his tracks, posting videos in which his face is recognizable as he stands in front of his car with the license plate prominently displayed. vorVzakone flaunts his sense of impunity, probably in an attempt to sell his image: recently, it seems, he has been selling a service called “Insurance from criminal prosecution”, intended to help those in his country who are prosecuted for computer crime to bribe the police … all upon payment of a membership fee to his initiative.

A singular and very strange idea, but one that might really make sense in his context; reality is sometimes stranger than fiction.

What we should worry about is the organizational model of the attack: on forums in the deep web it is not uncommon to find groups of hackers exchanging information on how to carry out more or less complex frauds … this is the evolution of crime, which seeks to make the most of technological tools.

How to protect ourselves?

Common sense, awareness of the threat, and demanding that those who manage the services we use give proper guarantees about their security level.

Specifically, I find it absurd that there are such obvious gaps in the authentication processes of some banks.
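To make the authentication gap concrete, here is an added example (it is not code from the original article, from RSA, from Krebs on Security or from the malware itself) that simulates in Python a Gozi-style browser rewrite against two confirmation schemes: a one-time code that only proves the login, and a code bound to the amount and beneficiary of the transfer. The bank, the customer's token, the trojan, the mule account and the account identifiers are all constructed for the demonstration, and a plain HMAC over the transfer fields stands in for a real chip-and-PIN transaction signer. It also models the call-back case from the phone-flooding scenario, where an unreachable customer must mean the transfer is held, not executed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    """A wire transfer as submitted through online banking (constructed for the demo)."""
    amount_cents: int
    beneficiary: str  # hypothetical account identifier, not a real IBAN


def canonical(t: Transfer) -> bytes:
    # Fixed-field encoding so the confirmation code covers exactly amount and destination.
    return f"{t.amount_cents}|{t.beneficiary}".encode()


def transaction_code(token_secret: bytes, t: Transfer) -> str:
    """8-digit code derived from the customer's token secret and the transfer details.

    Simplified 'what you see is what you sign': the customer keys amount and beneficiary
    into a device the trojan cannot touch, and the device returns this code.
    """
    mac = hmac.new(token_secret, canonical(t), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


def trojan_rewrite(t: Transfer) -> Transfer:
    """Simulated man-in-the-browser rewrite: the amount is kept, the beneficiary is
    swapped for a mule account after the victim has already authenticated."""
    return Transfer(t.amount_cents, "MULE-ACCOUNT-0001")


class Bank:
    def __init__(self) -> None:
        self.token_secrets: dict[str, bytes] = {}
        self.login_otps: dict[str, str] = {}

    def enroll(self, customer: str) -> bytes:
        self.token_secrets[customer] = secrets.token_bytes(32)
        return self.token_secrets[customer]

    def issue_login_otp(self, customer: str) -> str:
        # Weak scheme: the OTP is tied to the session, not to any particular transfer.
        otp = f"{secrets.randbelow(10**6):06d}"
        self.login_otps[customer] = otp
        return otp

    def transfer_login_otp(self, customer: str, t: Transfer, otp: str) -> tuple:
        expected = self.login_otps.get(customer, "")
        if hmac.compare_digest(expected, otp):
            return ("EXECUTED", t)
        return ("REJECTED", t)

    def transfer_bound(self, customer: str, t: Transfer, code: str) -> tuple:
        # Strong scheme: recompute the code over the transfer the bank actually received,
        # so any field the trojan changed in transit invalidates the customer's code.
        expected = transaction_code(self.token_secrets[customer], t)
        if hmac.compare_digest(expected, code):
            return ("EXECUTED", t)
        return ("REJECTED", t)

    def transfer_with_callback(self, t: Transfer, phone_reachable: bool,
                               customer_approves: bool) -> tuple:
        # Out-of-band call-back: a flooded phone line must hold the transfer (fail closed),
        # never let it through because confirmation could not be obtained.
        if not phone_reachable:
            return ("HELD", t)
        return ("EXECUTED", t) if customer_approves else ("REJECTED", t)


INTENDED = Transfer(150_000, "UTILITY-ACCT-7781")  # constructed: $1,500 to a utility bill


def scenario_login_otp() -> tuple:
    bank = Bank()
    bank.enroll("alice")
    otp = bank.issue_login_otp("alice")  # sent by SMS, typed into the infected browser
    return bank.transfer_login_otp("alice", trojan_rewrite(INTENDED), otp)


def scenario_bound_attacked() -> tuple:
    bank = Bank()
    token_secret = bank.enroll("alice")
    code = transaction_code(token_secret, INTENDED)  # computed over what Alice meant to send
    return bank.transfer_bound("alice", trojan_rewrite(INTENDED), code)


def scenario_bound_honest() -> tuple:
    bank = Bank()
    token_secret = bank.enroll("alice")
    return bank.transfer_bound("alice", INTENDED, transaction_code(token_secret, INTENDED))


def scenario_phone_flooded() -> tuple:
    # The gang floods Alice's phone during the robbery; the bank cannot reach her.
    return Bank().transfer_with_callback(trojan_rewrite(INTENDED),
                                         phone_reachable=False, customer_approves=False)


if __name__ == "__main__":
    print("login OTP only  :", scenario_login_otp())
    print("bound, attacked :", scenario_bound_attacked())
    print("bound, honest   :", scenario_bound_honest())
    print("phone flooded   :", scenario_phone_flooded())
```

Run it directly to see the four outcomes: with a login-only OTP the rewritten transfer to the mule account is executed, because the trojan simply relays the code the victim typed; with a transaction-bound code the same rewrite is rejected, since the bank recomputes the code over the beneficiary it received, while the honest transfer still goes through; and when the call-back line is flooded the transfer is held rather than approved by default. The point is the binding, not the HMAC: a real deployment would use a hardware signer or a display that shows the customer the amount and beneficiary the bank actually received.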

Pierluigi Paganini
