On December 17, CUNA Mutual Group (CMG) reported in a Risk Alert that RSA, a security firm, issued a warning in October of a planned attack on 30 U.S. financial institutions. McAfee recently issued a report supporting RSA’s prior findings. The attack, which is planned for this spring, has been dubbed ‘Project Blitzkrieg’. The objective is to steal money from accounts at the financial institutions by compromising online banking login credentials.
RSA’s original warning, issued in October 2012, indicated the attack was planned for this fall. However, other reports indicate the attack is planned for this spring against accounts held at 30 U.S. financial institutions. RSA based its findings on communications in an online underground forum posted by a Russian hacker who goes by the nickname vorVzakone. RSA reported the Russian crime group was actively recruiting botmasters to help launch the attack against computers by spreading a variation of the Gozi banking Trojan, dubbed Gozi Prinimalka. RSA did not disclose the names of the targeted financial institutions, but reported this could be the most substantial organized banking Trojan operation seen to date.
McAfee recently issued a report that upheld RSA’s prior findings. McAfee reported it found evidence the Russian group piloted the Trojan by infecting a minimum of 300 to 500 computers across the U.S.
In addition to stealing the victim’s online banking login credentials, RSA reported the Trojan sends the machine’s details to the botmaster. A “novel virtual-machine-synching module” installed on the botmaster’s machine will purportedly duplicate the victim’s computer settings, including the victim’s time zone, screen resolution, cookies, browser type and version, and software product IDs. This allows the fraudsters to log in to the victims’ accounts and successfully defeat multifactor authentication that relies on device recognition, whether that is simple device recognition using cookies or a complex digital footprint of the machine.
RSA believes the group is targeting accounts held at U.S. banks due to weak authentication methods deployed.
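A defender's view of the device-recognition weakness described above, as an added example that is not from the CMG alert or RSA: a server-side check built only on client-reported attributes cannot tell the enrolled machine from a copy of its settings. The function names, field names, sample values and the step-up rule are assumptions made for illustration.

```python
import hashlib
import hmac

# Client-reported attributes the alert lists as duplicated (field names assumed).
FINGERPRINT_FIELDS = ("time_zone", "screen_resolution", "browser", "product_ids")


def fingerprint(device: dict) -> str:
    """Hash of client-reported attributes (the 'complex digital footprint')."""
    material = "|".join(f"{k}={device[k]}" for k in FINGERPRINT_FIELDS)
    return hashlib.sha256(material.encode()).hexdigest()


def device_recognized(enrolled: dict, presented: dict) -> bool:
    """True when both the device cookie and the fingerprint match enrollment."""
    cookie_ok = hmac.compare_digest(enrolled["cookie"], presented["cookie"])
    fp_ok = hmac.compare_digest(fingerprint(enrolled), fingerprint(presented))
    return cookie_ok and fp_ok


def login_decision(enrolled: dict, presented: dict,
                   password_ok: bool, high_risk_action: bool) -> str:
    """Hypothetical policy: recognition is a convenience signal, not a factor."""
    if not password_ok:
        return "deny"
    # High-risk actions (new payee, wire) always need out-of-band confirmation,
    # because every input to device_recognized() is supplied by the client.
    if high_risk_action or not device_recognized(enrolled, presented):
        return "step_up"
    return "allow"


# Constructed sample data, not taken from any real system.
ENROLLED = {
    "cookie": "dev-7f3a9c",
    "time_zone": "America/Chicago",
    "screen_resolution": "1366x768",
    "browser": "Firefox/17.0",
    "product_ids": "00000-OEM-0000000-00000",
}
DUPLICATE = dict(ENROLLED)                       # same settings, other machine
UNKNOWN = dict(ENROLLED, cookie="", browser="Chrome/23.0")

if __name__ == "__main__":
    print(device_recognized(ENROLLED, DUPLICATE))            # indistinguishable
    print(login_decision(ENROLLED, DUPLICATE, True, True))   # still challenged
```

Under this policy a recognized device only skips the extra challenge for low-risk sessions, which limits what stolen credentials plus duplicated settings can do on their own.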
Source: CUNA Mutual Group Risk Alert, December 17, 2012