A group of cyber criminals is placing banks in Russia and Ukraine under siege with a next-generation exploitation kit that hacks the authentication system and uses a denial-of-service attack.
The attacks use a revised version of BlackEnergy, which was commonly used in distributed denial of service (DDoS) attacks. The criminals are using the new and improved version to transfer funds from electronic bank accounts and then attack the financial institutions with DoS attacks, according to a researcher at SecureWorks’ Counter Threat Unit.
“Over the months that I’ve been monitoring this botnet, it’s attacked probably a dozen or more banks with the same type of pattern of attacking the Java authentication app,” Joe Stewart, a researcher with SecureWorks, told The Register. “All we see is, yes, this group has the plug-in that does the banking theft and then we see them also hacking that same banking authentication with the DDoS attack.”
The technique is effective because bank employees are distracted during the money transfer, according to Stewart, who presented at the Forum of Incident Response and Security Teams conference in Miami.