Gartner Blog Network


DDoS diverts attention during Payment Switch takeover

by Avivah Litan  |  August 12, 2013  |  21 Comments

DDoS attacks are an increasingly popular method for criminals to divert bank security staff attention while defrauding bank systems. Until recently, most illegal money transfers were accomplished via account takeover of either customer or employee accounts, in which the fraudsters moved money from customer accounts to their mules and eventually to their own accounts.

A new, much more ominous attack type has emerged over the past few months, and it uses DDoS as its cover. Once the DDoS is underway, the attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.

Considerable financial damage has resulted from these attacks. One rule that banks should institute is to slow down the money transfer system while under a DDoS attack. More generally, a layered fraud prevention and security approach is warranted. See our research on the Seven Dimensions of Context Aware Security and the Five Layers of Fraud Prevention.
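One way to express the "slow down transfers while under DDoS" rule as a release gate in front of the payment switch. This is an added example, not code from this post or from Gartner; the class and field names, the thresholds and the `ddos_active` flag (assumed to come from network monitoring) are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    transfer_id: str
    initiator: str       # account that submitted the transfer
    privileged: bool     # True for operator/admin accounts on the payment switch
    amount: float
    submitted_at: float  # seconds since start of the sample

class TransferGate:
    """Releases transfers normally; throttles and holds them while a DDoS is flagged."""

    def __init__(self, normal_per_min=60, ddos_per_min=2, ddos_hold_amount=10_000):
        self.normal_per_min = normal_per_min      # assumed normal release rate
        self.ddos_per_min = ddos_per_min          # assumed reduced rate under DDoS
        self.ddos_hold_amount = ddos_hold_amount  # assumed manual-review threshold
        self.released = []                        # release times within the last 60 s

    def decide(self, t: Transfer, ddos_active: bool) -> str:
        # Keep only releases inside the sliding one-minute window.
        self.released = [ts for ts in self.released if t.submitted_at - ts < 60]
        # Under DDoS, privileged-initiated or large transfers need a second person.
        if ddos_active and (t.privileged or t.amount >= self.ddos_hold_amount):
            return "HOLD_FOR_REVIEW"
        limit = self.ddos_per_min if ddos_active else self.normal_per_min
        if len(self.released) >= limit:
            return "DELAY"  # caller re-queues and retries later
        self.released.append(t.submitted_at)
        return "RELEASE"

# Constructed sample: (transfer, ddos_active at submission time)
SAMPLE = [
    (Transfer("T1", "cust-17", False, 500.0, 0.0), False),
    (Transfer("T2", "ops-admin", True, 250_000.0, 10.0), False),
    (Transfer("T3", "ops-admin", True, 250_000.0, 100.0), True),
    (Transfer("T4", "cust-17", False, 500.0, 101.0), True),
    (Transfer("T5", "cust-22", False, 20_000.0, 102.0), True),
    (Transfer("T6", "cust-31", False, 300.0, 103.0), True),
    (Transfer("T7", "cust-40", False, 300.0, 104.0), True),
    (Transfer("T8", "cust-40", False, 300.0, 170.0), True),
]

def run_sample():
    gate = TransferGate()
    return [gate.decide(t, ddos) for t, ddos in SAMPLE]

if __name__ == "__main__":
    for (t, ddos), verdict in zip(SAMPLE, run_sample()):
        print(t.transfer_id, t.initiator, "ddos" if ddos else "calm", verdict)
```

The same privileged transfer that is released in calm conditions (T2) is held for review once the DDoS flag is set (T3), which is the case the post warns about.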


Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.