Banks warned of Trojan spree as cyber-criminals get away with US$5m heist

5 Oct 2012

A Trojan heist on 30 US financial institutions that saw cyber-criminals make off with US$5m is a warning shot for Irish banks to be on the lookout for sophisticated threats.

RSA, EMC’s security division, has uncovered plans by a cyber gang to launch a Trojan attack spree on the banks this autumn, making it the largest-ever organised banking Trojan operation.

A Trojan is a type of malware that masquerades as a legitimate file or programme, giving the hacker unauthorised access to a computer to steal information.

The cyber gang plans to deploy the Trojan in an effort to complete fraudulent wire transfers through man-in-the-middle manual session-hijacking scenarios.

Previous incidents handled by RSA involving this Trojan, known as Gozi Prinimalka, appear to corroborate the cyber gang’s claims that, since 2008, their Trojan has been used to siphon US$5m from US bank accounts.

Jason Ward, EMC’s country manager for Ireland, described the attempted heist as a “wake-up call” for Irish banks which need to take urgent steps to protect themselves against new cyber threats that are persistent, dynamic and intelligent.

“Today’s IT organisations are in a constant state of compromise from new sophisticated cyber threats,” Ward explained.

“The world’s cyber threat landscape is evolving at pace. Of the 60m variants of malware in existence today, one-third were created last year. Increasingly, the human firewall is being breached, with cyber-criminals shifting their focus from technology to people in a bid to infiltrate companies and governments by exploiting our weaknesses,” he said.

The rise of the botmasters

In a boot camp-style process, accomplice ‘botmasters’, who control pieces of malware, are selected and trained, becoming entitled to a percentage of the funds they siphon from victims’ bank accounts into mule accounts controlled by the cyber gang.

Each ‘botmaster’ selects their own ‘investor’ who will put down the money needed to buy equipment for the operation – servers, laptops and so on – with the incentive of sharing in the illicit profits.

The gang and a long list of other accomplices will reap their share of the spoils, including the money-mule herder and malware developers.

“This plot shows that Irish organisations, including banks, need to defend themselves from attack through intelligence-driven information security, collecting reliable cyber security data and researching prospective cyber adversaries to better understand risk and learn about why and how attacks occur.

“New skills must be developed in the IT team to produce and analyse intelligence and identify normal and abnormal system and end-user behaviour. Organisations must continuously monitor IT systems, restrict network access to privileged users, limit or block access to high-risk websites or social networks, and make investment in IT security an executive leadership priority.

“We need to stay ahead of a new generation of cyber-criminals whose sophisticated attacks are part of a pattern of organised crime, espionage and terrorism,” Ward warned.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
