There is a certain amount of scepticism about this affair. I read the Krebs article and have seen several other pieces about it. The original alert came from RSA in a blog post, which was not forthcoming about the source of the information. There has been a certain amount of "forum chatter" on the underground forums used by Russian and other cybercriminals but the proposed attack, if genuine, is still in the early stages of planning and requires a little-known Trojan ("Gozi Prinimalka") to implement the attack.
Much of the scepticism is, as Brian Krebs notes, because the apparent recruiter and front man for this enterprise - "vorVzakone", first name Sergei - is strongly suspected by those who know about these things of running a sting operation. There is as yet nothing coming through from the Russian contributors to the Russian Cybercrime groups, which may be a sign that they don't rate this very highly. Even RSA note that
Organized crime in the fraudster underground is normally orchestrated within private circles, and it is almost unheard of for a cyber gang to turn to masses of “UnderWeb” dwellers in order to find recruits for its operations. The move is both risky and peculiar considering recent law enforcement operations in the underground
There is though a storm of scornful and derisive Russian feedback in the comments to Krebs' article, much of it unprintable here. The more thoughtful ones note that "NSD"'s cover has been well and truly blown, since everyone now knows that the supposed technical leader is one Oleg Vsevolodovich Tolstykh, who makes a habit of getting stopped by the Moscow police for speeding and must be well-known to them. Appearing - identifiably - in this promotional video when half the Moscow police force would recognise him and his cars by sight can only be considered a very odd thing to do. The general consensus seems to be that the FSB may be behind this.
RSA of course have a vested interest in playing this for all it's worth because the US banking industry is lagging behind European banks in the introduction of 2-factor authentication for financial transactions. It's good publicity for them and probably good for their final-quarter sales figures.
McAfee are taking this seriously enough (because of the media excitement) to include a note about this in their latest Security Advisory, MTIS12-161 :
Threat Identifier(s): Pjct Blitzkrieg
Threat Type: Malware
Risk Assessment: Medium
Main Threat Vectors: Web; LAN; WAN; E-Mail
User Interaction Required: Yes
Description: Project Blitzkrieg is a rumored future series of attacks on multiple US banks. Information on underground forums says the Russian hacker "vorVzakone" is recruiting and training botmasters to launch multiple attacks to steal money by hijacking online banking sessions. The attacks are supposed to use the malware Gozi. The project is also supposed to flood the banks' phone lines to interrupt communications and prevent confirmation of the large transactions with clients. Further, each participant of the plan will be rewarded with a part of the stolen money. vorVzakone will offer insurance in case any botmaster is arrested and prosecuted for participating in the project.
Importance: High. Planned DDoS attacks, targeting multiple U.S. banks, have gained media attention
McAfee Product Coverage *
DAT files: Coverage for known associated malware is provided as Downloader-BPX, Suspect-BA, PWS-Spyeye.cj , PWS-Zbot.gen.hv , and Generic.bfr.
The not so publicised relationship between China and Russia is a bit scary in ways. Both very intelligent countries, both tend to be silent. Transparency is not overrated in these countries.
With last week's attack and the attacks on our government systems as of recent... I feel it's just a matter of time. I wouldn't put too much on any one form of attack, I think it will be a multitude of attacks. I think these little attacks are just testing affairs in preparation for the big one.
Monitoring reaction, timeframes, finding where the weaknesses are, the intelligence, abilities, etc. I remember the intelligence once saying that they have a plan in place for a cyber attack... unfortunately, it can only be used once so it's not something they would use for sporadic attacks.. But when does one really know when the real attack is here and will reaction be too slow?
America's intelligence could also be its worst enemy.. technology before security seems like a recipe for failure.
This is nothing to do with China. Nor is it a state-sponsored assault on the American financial sector. It looks, as many people are saying, like the Russian authorities setting up a sting operation to catch greedy and unwary members of the criminal underground. RSA are playing it up because it suits them to do so. And two-factor authentication is already planned for US financial transactions, the major players are just being slow to implement it - which does indeed leave a window of opportunity for any cybercrook who wants to exploit the known weaknesses in the system. Don't get too paranoid - as Brian Krebs notes, these attacks mostly won't succeed if a system is properly patched. And if someone is lazy or ignorant and doesn't patch their installed software then they're a sitting duck anyway for any script kiddie who wants to take over their system.
From the sounds of it... fear is being placed for financial gain... Gee, I wonder where that strategy comes from. (cough, cough)
I tell ya Hayton, the bigger they are the harder they are to fall but they are not too big to fail, and what goes around comes around. One day Hayton, one day... POW! to the moon!
Have a wonderful day!