Cybercriminals use DDoS Attacks to make Millions

Millions of dollars have been lost to a new tactic being used by cybercriminals called DDoS.  A DDoS, or distributed denial-of-service, attack is an attempt to make a machine or network service unavailable.  These attacks typically target high-profile web servers, banks, credit card companies, and even root nameservers.

DDoS attacks are hitting banking systems more frequently, diverting the security staff’s attention while accounts are being taken over and the systems defrauded.

These distributed denial-of-service attacks have been used to divert security personnel’s attention while millions of dollars are stolen from accounts.  At least three US banks in recent months have been ransacked by fraudulent wire transfers while hackers set up a “low powered” DDoS attack.  Many websites, including those of JP Morgan, Wells Fargo, Bank of America, Chase, and Citigroup, have been hit.

 

Attack on your website

Extortion threats are being made against numerous websites, including Cryptome, which just released an “Opsecure DDoS Extortion” letter.  The letter stated that unless funds were transferred to the Bitcoin address, the Cryptome website “will be undergoing a ‘distributed denial of service’ attack conducted by ‘1 & 0 Logic Security Group.’”  The criminal demanded 1 Bitcoin as payment, which is around $102.

DDoS attacks are illegal in many countries, including the United States, but they persist because they are free.  With enough malware-infected PCs or servers under their control, these attackers can defeat almost any unprotected website.

Criminal operations are behind many of these DDoS disruptions.  BetaBot is a relatively new and economical piece of malware that’s built to deactivate information security software.  Smoke Loader is malware that is used to load additional malware such as crimeware toolkits.  Both put remotely controlled DDoS tools onto infected systems.

DDoS attack tools have been a favorite of hacktivists.  In the run-up to the Anonymous-backed attacks against North Korea, hacktivists recommended that participants pick up one of the DDoS attack tools, like Loris for Python and Windows.

 


Vulnerabilities

The Izz ad-Din al-Qassam Cyber Fighters, who launched the Operation Ababil attacks against U.S. banks last year, favored the “itsoknoproblembro” toolkit, which is also known as Brobot.  It has made its way onto thousands of legitimate sites through exploitation of a vulnerability in a WordPress plug-in.

In South Korea in October 2011, a DDoS attack was used to disrupt the country’s National Election Commission website on the day of a Seoul mayoral by-election.  “Information on polling stations was made unavailable during morning hours when a large proportion of young, liberal-leaning constituents were expected to vote en route to work,” according to a Freedom House report.

Security researchers have recognized the trend of using DDoS attacks.  The Dell SecureWorks Center Threat Unit issued a report in April to warn about the toolkit.  Wire transfers of up to $2.1 million have been spotted.  A layered fraud prevention and security approach is now called for.

References:

Cybercriminals use DDoS attacks as “smokescreens” for major cyber thefts – WeLiveSecurity
http://www.welivesecurity.com/2013/08/22/cybercriminals-use-ddos-attacks-as-smokescreens-for-major-cyber-thefts/
August 22, 2013

Cybercriminals Expand DDOS Extortion Demands – Information Week
http://www.informationweek.com/security/vulnerabilities/cybercriminals-expand-ddos-extortion-dem/240157366
June 26, 2013

Cybercrooks use DDoS attacks to mask theft of banks’ millions – CNet
http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attacks-to-mask-theft-of-banks-millions/

 


© 2014 Hyphenet, Inc.