http://www.bizjournals.com/atlanta/news/2012/12/21/major-banks-target-of-cyber-attacks.html
Major banks target of more cyber attacks; regulator tells banks to alert law, customers
Atlanta Business Chronicle by Carla Caldwell
Date: Friday, December 21, 2012, 2:10pm EST - Last Modified: Friday, December 21, 2012, 3:55pm EST
An alert Friday from the U.S. Office of the Comptroller of the Currency warned about a new wave of so-called distributed denial-of-service attacks on some of the nation’s major financial institutions. The alert said banks should share information with each other and law enforcement when attacks occur, and to give “timely and accurate” advisories to customers on website problems and precautions they can take.
Attacks starting last week have hit Atlanta-based SunTrust Banks, Inc. (NYSE: STI), PNC, Bank of America Corp. (NYSE: BAC), JPMorgan Chase & Co. (NYSE: JPM),U.S. Bancorp, and Wells Fargo & Co. (NYSE: WFC), according to two executives at companies providing security to some of the targeted banks, according to a Bloomberg report published Friday by American Banker.
The executives asked not to be named because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. Bloomberg said.
The Comptroller did not identify banks involved in the cyber attacks.
A group calling itself Izz ad-Din al-Qassam Cyber Fighters announced plans to attack banks in a Dec. 10 statement posted on the website pastebin.com, said Bloomberg. The group also claimed responsibility for cyber attacks in September and October against financial institutions. The attacks were carried out in response to a video uploaded to YouTube ridiculing the Prophet Muhammad, the group said.
The attacks typically send large volumes of Internet traffic to websites, causing delays and disruptions.
The comptroller’s office said the attacks can distract bank personnel to gain access to customers’ accounts, block customers from reporting suspected fraud and prevent banks from alerting customers.
and......
https://www.networkworld.com/news/2012/122112-stabuniq-malware-found-on-servers-265312.html?source=NWWNLE_nlt_daily_pm_2012-12-21
Stabuniq malware found on servers at U.S. financial institutions
The malware appears to just be performing reconnaissance for now
IDG News Service - Security researchers from Symantec have identified an information-stealing Trojan program that was used to infect computer servers belonging to various U.S. financial institutions.
Dubbed Stabuniq, the Trojan program was found on mail servers, firewalls, proxy servers, and gateways belonging to U.S. financial institutions, including banking firms and credit unions, Symantec software engineer Fred Gutierrez said Friday in a blog post.
"Approximately half of unique IP addresses found with Trojan.Stabuniq belong to home users," Gutierrez said. "Another 11 percent belong to companies that deal with Internet security (due, perhaps, to these companies performing analysis of the threat). A staggering 39 percent, however, belong to financial institutions."
Based on a map showing the threat's distribution in the U.S. that was published by Symantec, the vast majority of systems infected with Stabuniq are located in the eastern half of the country, with strong concentrations in the New York and Chicago areas.
Compared to other Trojan programs, Stabuniq infected a relatively small number of computers, which seems to suggest that its authors might have targeted specific individuals and organizations, Gutierrez said.
The malware was distributed using a combination of spam emails and malicious websites that hosted Web exploit toolkits. Such toolkits are commonly used to silently install malware on Web users' computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player, Adobe Reader or Java.
Once installed, the Stabuniq Trojan program collects information about the compromised computer, like its name, running processes, OS and service pack version, assigned IP (Internet Protocol) address and sends this information to command-and-control (C&C) servers operated by the attackers.
"At this stage we believe the malware authors may simply be gathering information," Gutierrez said.
No comments:
Post a Comment