DDoS attacks are an increasingly popular method for criminals to divert bank security staff attention while defrauding bank systems. Until recently, most illegal money transfers were accomplished via account takeover – of either customer or employee accounts when the fraudsters moved money from customer accounts to their mules and eventually their own accounts.
A new much more ominous attack type has emerged over the past few months – and uses DDoS as its cover. Once the DDoS is underway, this attack involves takeover of the payment switch (e.g. wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.
Considerable financial damage has resulted from these attacks. One rule that banks should institute is to slow down the money transfer system while under a DDoS attack. More generally, a layered fraud prevention and security approach is warranted. See our research on the Seven Dimensions of Context Aware Security and the Five Layers of Fraud Prevention.
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.