Symantec: Data-stealing hackers use DDoS to distract from attacks

Summary: Cybercriminals are distracting banks and other businesses with a DDoS attack while they quietly lay siege to sensitive data on the network, which they can use for credit card cloning and other fraud.

Symantec says it has detected a new type of disguised attack that uses a distributed denial-of-service (DDoS) attack to draw a business's attention away from a more important security breach.

The multi-vector attack includes the DDoS as a bluff so it can quietly target another vulnerability, the company said at the RSA Europe 2012 conference in London on Tuesday.

At the RSA Europe 2012 conference, Symantec's Francis deSouza outlined a new diversionary tactic used by hackers. Image: Jack Clark

"It's an attack where multiple seemingly different attacks are launched by an adversary on a target," Francis deSouza, Symantec's head of enterprise products and services, said during a keynote speech. "DDoSes have gone from being a blunt-forced attack to being a sophisticated diversionary attack to disguise another attack."

DeSouza said financial services companies handling vast amounts of data are most susceptible to these tactics.

In the past year, for example, phishing attacks have been directed at IT administrators at European banks, he noted. These eventually enabled malware to penetrate the banks' systems and steal login credentials.

As soon as the criminals had the login details, they launched the DDoS attacks against the banks. This was carefully timed so that it occurred on a Friday afternoon when IT departments were thinly staffed.

"Once the attack was launched, the IT department predictably moved resources to deal with DDoS attack," said deSouza.

While this was happening, the cybercriminals launched the real attack, which allowed them to grab and clone private data that could be used to steal money.

They then handed the operation over to the monetisation team, who created ATM cards, debit cards and credit cards, which were handed out to money mules.

The cybercriminal gang hired individual contractors who took the cards to ATM machines and drained $9m in 48 hours from a selection of accounts in cities across the world.

DeSouza argued that the most effective way to prevent attacks is not just to look out for DDoS but to look at the end-to-end attack in its entirety.

Multi-flank attacks

However, Art Coviello, executive chairman of RSA, told ZDNet that he has observed multi-flank attacks for several years.

"We ourselves are a victim of such attacks," said Coviello, referring to the security provider he represents. "We're only as strong as the weakest link, because an attack on one company could be used to perpetrate an attack on a second company, which could be used to perpetrate an attack on a third company.

"That just speaks to the level of sophistication that these guys are going to, and I do find it quite chilling."

Sam Shead
