Cyber Security Institute

Tuesday, April 30, 2013

DDoS used as cover fire for parallel attacks, $2.1 million unauthorized wire transfer

The Dell SecureWorks Counter Threat Unit(TM) research team's 2012 Threatscape Review contains an interesting scenario in which distributed denial-of-service (DDoS) attacks accompanied fraud that succeeded in draining up to $2.1 million from a bank account. The Dell SecureWorks 2012 Threatscape Review analyzes the conditions in 2012 that create threat scenarios and discusses notable trends in software vulnerabilities, global-scale threats, DDoS attacks, Advanced Persistent Threats, and mobile threats.


Working with organizations affected by Dirt Jumper DDoS attacks revealed a threat scenario in which the threat actor first performed a short-lived “test” DDoS attack to determine if the actor’s botnet could make the targeted site unusable.

If the test was successful, then the threat actor performed another DDoS attack in the near future, but this time the DDoS attack occurred shortly after an unauthorized wire or Automated Clearing House (ACH) transfer out of a compromised account. DDoS attack patterns revealed that short-lived attacks were an indicator of an unauthorized wire transfer, while longer attacks, which could last hours to days, were indicators of a fraudulent ACH transfer.

Visibility into these attacks proved to be quite useful. In some cases, the DDoS attack was the initial notice that high-dollar fraud was occurring. Some of the fraud attempts and losses are staggering, with total dollar values of attempted fraud ranging from $180,000 to $2.1 million.
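The pattern above suggests treating a DDoS alert as a trigger to review recent outbound transfers. The following is an added example, not code from the Threatscape Review or from Dell SecureWorks: it correlates DDoS alerts with transfers made shortly before the attack began and raises the priority when the attack duration matches the transfer type the report associates with it. The two-hour lookback, the one-hour "short-lived" threshold, the record fields, and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed tuning values; the report gives no exact figures.
LOOKBACK = timedelta(hours=2)      # how far before DDoS onset to look for transfers
SHORT_ATTACK = timedelta(hours=1)  # below this, an attack counts as "short-lived"

# Constructed sample data (not taken from the report).
DDOS_ALERTS = [
    {"id": "ddos-1", "start": datetime(2013, 1, 8, 14, 0), "end": datetime(2013, 1, 8, 14, 10)},
    {"id": "ddos-2", "start": datetime(2013, 1, 10, 15, 30), "end": datetime(2013, 1, 10, 15, 55)},
    {"id": "ddos-3", "start": datetime(2013, 1, 15, 9, 0), "end": datetime(2013, 1, 16, 3, 0)},
]
TRANSFERS = [
    {"id": "tx-100", "type": "wire", "amount": 180000, "time": datetime(2013, 1, 10, 15, 5)},
    {"id": "tx-101", "type": "ach", "amount": 52000, "time": datetime(2013, 1, 15, 8, 20)},
    {"id": "tx-102", "type": "wire", "amount": 900, "time": datetime(2013, 1, 15, 8, 40)},
    {"id": "tx-103", "type": "ach", "amount": 7000, "time": datetime(2013, 1, 12, 11, 0)},
]

def expected_type(alert):
    """Map attack duration to the transfer type the report associates with it."""
    return "wire" if alert["end"] - alert["start"] < SHORT_ATTACK else "ach"

def transfers_to_review(alerts, transfers, lookback=LOOKBACK):
    """Return (alert_id, transfer_id, priority) for transfers made shortly before a DDoS began."""
    hits = []
    for alert in sorted(alerts, key=lambda a: a["start"]):
        want = expected_type(alert)
        for tx in transfers:
            if alert["start"] - lookback <= tx["time"] <= alert["start"]:
                priority = "high" if tx["type"] == want else "normal"
                hits.append((alert["id"], tx["id"], priority))
    return hits

def unmatched_short_alerts(alerts, transfers, lookback=LOOKBACK):
    """Short attacks with no preceding transfer: possible 'test' runs worth watching."""
    matched = {alert_id for alert_id, _, _ in transfers_to_review(alerts, transfers, lookback)}
    return [a["id"] for a in alerts if a["id"] not in matched and expected_type(a) == "wire"]

if __name__ == "__main__":
    for hit in transfers_to_review(DDOS_ALERTS, TRANSFERS):
        print(hit)
    print("possible test attacks:", unmatched_short_alerts(DDOS_ALERTS, TRANSFERS))
```

In practice the alert feed would come from DDoS mitigation or network monitoring and the transfer records from the payments system, with both thresholds tuned to the institution's own history.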



Posted on 04/30