DDoS Diversion – A Game of Privilege

Gartner analyst Avivah Litan recently blogged about a disturbing new attack trend that presents significant challenges for bank security professionals. Litan describes DDoS attacks now being used as a diversion, drawing attention away from more severe, privilege-based attacks in which criminals take over control of wire transfer services.

According to Litan, “once the DDoS is underway, the attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account.” 

What this means is that instead of focusing on stealing money from one customer at a time, attackers and criminals can now use the privileged account to control the master payment switch – moving as much money from as many accounts as they can until their actions are noticed.

According to reports from SC Magazine, this tactic has been used on at least 3 banks to steal millions from accounts.

These attacks are a stark reminder of the power of privileged accounts and highlight why they are the number one target of all cyber-attackers – these are the most powerful accounts in any organization and provide broad access and control to all systems on a network.

Attackers steal privileged credentials through simple tactics such as phishing or keylogging malware. Once they gain privileged access, they can move throughout a network, mimicking normal business traffic. In this case, they're able to commandeer control of the wire transfer application to steal money in a much more efficient manner.

This is another example of why businesses need to proactively secure privileged accounts – making sure that all activity using these accounts is monitored, and that a complete audit trail of who accessed these accounts, and what they did, is available at all times.
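One way to put that audit trail to work against the diversion pattern described above, as an added example that is not from the original post: cross-reference privileged sessions on the payment system with the time windows of DDoS alerts, so those sessions are reviewed while the operations team is busy with the outage. The log format, account names, addresses, baseline and 30-minute grace period are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; every name, address and time here is illustrative.
DDOS_WINDOWS = [  # (start, end) of alerts raised by the DDoS mitigation tooling
    (datetime(2024, 1, 15, 14, 0), datetime(2024, 1, 15, 16, 30)),
]
# Privileged-session audit trail: timestamp account target source action
AUDIT_LOG = """\
2024-01-15T09:12:00 wire-admin-01 wire-app 10.1.4.20 login
2024-01-15T14:41:00 wire-admin-01 wire-app 10.9.7.33 login
2024-01-15T14:43:00 wire-admin-01 wire-app 10.9.7.33 modify_transfer_limit
2024-01-15T15:02:00 db-admin-02 hr-db 10.1.4.31 login
2024-01-15T18:20:00 wire-admin-01 wire-app 10.1.4.20 login
"""
CRITICAL_TARGETS = {"wire-app"}                      # systems that move money
KNOWN_SOURCES = {"wire-admin-01": {"10.1.4.20"}}     # per-account baseline (assumed)
GRACE = timedelta(minutes=30)                        # widen each window on both sides

def parse(log):
    """Turn whitespace-separated audit lines into event dicts."""
    events = []
    for line in log.splitlines():
        ts, account, target, source, action = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "account": account,
                       "target": target, "source": source, "action": action})
    return events

def in_ddos_window(ts, windows, grace=GRACE):
    """True if ts falls inside any alert window, padded by the grace period."""
    return any(start - grace <= ts <= end + grace for start, end in windows)

def review_queue(events, windows):
    """Privileged events on critical systems that coincide with a DDoS alert."""
    flagged = []
    for e in events:
        if e["target"] not in CRITICAL_TARGETS or not in_ddos_window(e["ts"], windows):
            continue
        reasons = ["privileged activity on payment system during DDoS"]
        if e["source"] not in KNOWN_SOURCES.get(e["account"], set()):
            reasons.append("source not previously seen for this account")
        flagged.append((e["ts"].isoformat(), e["account"], e["action"], reasons))
    return flagged

if __name__ == "__main__":
    for row in review_queue(parse(AUDIT_LOG), DDOS_WINDOWS):
        print(row)
```

Sessions from a known source are still queued when they overlap an attack window, since a stolen credential can be used from an expected host; the extra reason only raises priority.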

Monday, September 30, 2013