Banks Warned of ‘Mass Fraud Campaign’ for Cyberattacks Come Spring

A report from a security firm analyzing an ongoing cyberattack is warning financial institutions that it continues to be a “credible threat” and is expected to hit them hard in the spring.

According to analysis from McAfee Labs, the cyberattack known as “Project Blitzkrieg” was launched by a hacker going as “vorVzakone” (which means “thief of law”), who is involved in other campaigns that have already infected more than 500 institutions.

“If the aims of Project Blitzkrieg, as vorVzakone has claimed, become fully realized by spring 2013, the financial industry needs to be fully prepared,” Ryan Sherstobitoff wrote for McAfee.

According to the report by the security firm, a blog post by RSA researchers first brought the Trojan attacks to light, which it notes finding were in development since 2008 and transferred $5 million so far. The thieves as a whole, according to the report, have been active using their system since April 2012 and have infected up to 500 institutions.

“Using McAfee Global Threat Intelligence to track these campaigns, we were able to gather telemetry
information on the number of victims and their approximate locations. This campaign targeted victims
across the United States during a period of two months, with the latest victim infected on October 25.” (Image: McAfee Labs)

“McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned. Not only did we find evidence validating the existence of an early pilot campaign operated by vorVzakone and his group using the Trojan Prinimalka that infected at a minimum 300 to 500 victims across the United States, but we were also able to track additional campaigns as a result of the forum posting,” the report stated.

Defense Secretary Leon Panetta referenced the attacks on banks revealed in October, as well as other cyberattacks, during a speech that month saying this was a “pre-9/11 moment.”

“Before September 11, 2001 the warning signs were there. We weren’t organized. We weren’t ready. And we suffered terribly for that lack of attention,” Panetta said.

Some at the time linked the attacks to Iran but McAfee research seems to have traced vorVzakone attacks to originating in Russia.

“It’s no secret that Russia and China have advanced cyber capabilities. Iran has also undertaken a concerted effort to use cyberspace to its advantage,” Panetta said in his October speech, according to Fox Business.

The continuation of the “mass fraud campaign,” if vorVzakone’s plans come to fruition, is set to hit 30 other institutions in 2013. The report does acknowledge that some speculate vorVzakone called off these plans due to recent publicity, but others think this is not the case.

(Image: McAfee Labs)

CNET pointed out the campaign is expected to target specific accounts at investment and consumer banks and credit unions, making it easier for the cybercriminals activity to go undetected until it’s too late.