DDOS Attack Allows Million$ Transferred To Mule

After seeing a good ISACA presentation today at the Renaissance in Saint Louis (near the airport) by Josh Vander Veen of SpearTip, here are my notes:

The sophistication of criminal attacks is on the rise.

Many small businesses have a false sense of security and say the following:

“I’m just a small company, why would they come after me?”


In one attack (against a small company) a combination attack started with a keylogger (a program that records keystrokes) running on the computer of the person who handles ACH transfers.

Then a DDoS attack was launched against the mail server and the company's computers in general. This was to delay the mail server from receiving notification emails and to confuse the IT department.

The criminal was performing ACH transfers to one of his mules while the DDoS attacks were happening.

In a small company one person has several functions, and the criminals find this person (and get a keylogger installed).

Once the keylogger is installed the criminal finds out who runs the ACH transactions, and the company is cased out (enumerated) completely.

Then they find out when the CEO is on vacation (so that the person in charge of ACH transfers can make decisions on their own).

Now the plan comes into being.

Guess which criminal was working this angle? Yes, the infamous Evgeniy Mikhailovich Bogachev.


So, first find a company that is small enough to have only 1 or 2 people running ACH transfers, then figure out a way to get the GOZ (GameOver Zeus) malware onto this person’s computer.



Then, once that has been accomplished, case the mail server and other IT resources.

Now prepare the DDoS attacks. A quick review of DDoS (Distributed Denial of Service): a DDoS by itself does not accomplish much, but when used to degrade specific capabilities (like the ACH function or email) it can cause real problems.

DDoS attacks make traffic so heavy on the target that the target is not usable. Usually the target does not get hacked directly; it is more of an indirect attack.

For example, if the bank sends an email as a precaution and for review every time an ACH transfer is performed, that email may never arrive if the mail server is being DDoSed.
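As an added illustration of the defensive side of this (this is example code, not from the presentation or from SpearTip): a reconciliation check that pulls transfers from the bank portal out of band, compares them with the notification emails that actually arrived and with the mail server's health probes, and flags any transfer whose notification never showed up, noting whether a mail outage overlapped it. All transfer ids, amounts, payees and timestamps are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the post): transfers as listed in the bank
# portal, the bank notification emails that actually reached the inbox, and
# mail-server health probes in which "down" marks the DDoS window.
TRANSFERS = [
    {"id": "ACH-1001", "time": "2014-06-02T09:05:00", "amount": 1200.00, "payee": "Vendor A"},
    {"id": "ACH-1002", "time": "2014-06-02T10:40:00", "amount": 48500.00, "payee": "Unknown LLC"},
    {"id": "ACH-1003", "time": "2014-06-02T10:52:00", "amount": 61200.00, "payee": "Unknown LLC"},
]
NOTIFICATIONS = [
    {"transfer_id": "ACH-1001", "received": "2014-06-02T09:06:30"},
]
MAIL_HEALTH = [
    ("2014-06-02T09:00:00", "ok"),
    ("2014-06-02T10:30:00", "down"),
    ("2014-06-02T11:15:00", "ok"),
]


def _t(s):
    return datetime.fromisoformat(s)


def outage_windows(health):
    """Turn ordered (timestamp, status) probes into [(start, end)] outage intervals.
    An outage that has not recovered yet is left open (end = datetime.max)."""
    windows, start = [], None
    for ts, status in health:
        if status == "down" and start is None:
            start = _t(ts)
        elif status == "ok" and start is not None:
            windows.append((start, _t(ts)))
            start = None
    if start is not None:
        windows.append((start, datetime.max))
    return windows


def flag_transfers(transfers, notifications, health, grace=timedelta(minutes=15)):
    """Return transfers that received no bank notification within `grace`,
    marking whether a mail outage overlapped the expected delivery window."""
    received = {n["transfer_id"]: _t(n["received"]) for n in notifications}
    windows = outage_windows(health)
    flagged = []
    for tr in transfers:
        sent = _t(tr["time"])
        got = received.get(tr["id"])
        if got is not None and got - sent <= grace:
            continue  # notification arrived in time; nothing to review
        overlap = any(s <= sent + grace and sent <= e for s, e in windows)
        flagged.append({"id": tr["id"], "amount": tr["amount"], "payee": tr["payee"],
                        "during_mail_outage": overlap})
    return flagged
```

A transfer flagged with `during_mail_outage` set is exactly the case the talk describes: the transfer is real, the notification is missing, and email was unavailable when it should have arrived, so the review has to happen against the portal, not the inbox.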


So the combination of attacks netted Bogachev millions of dollars and the #1 status on the FBI most wanted list (some time ago; although I see he is no longer on the list, there was a $3 million reward on him the last time I looked. I was able to get the image above on July 3rd).

Instead of Bogachev, there are new criminals today:



Peteris has been indicted for wire fraud, as in the image:

{ Peteris Sahurovs is wanted for his alleged involvement in an international cybercrime scheme that took place from February of 2010 to September of 2010. The scheme utilized a computer virus that involved the online sale of fraudulent computer security programs that defrauded Internet users of more than $2 million.

It is alleged that in February of 2010, Sahurovs contacted an online newspaper claiming to work for an online advertising agency that represented a hotel chain that was seeking to place advertisements on the paper’s website. Sahurovs utilized fraudulent references and bank accounts to deceive the newspaper into believing he represented a legitimate advertising agency.

Sahurovs provided electronic files containing the fictitious hotel advertisements to the newspaper, which began running the advertisements on its website. He then replaced the hotel advertisements with a file containing a malicious computer code, or malware, which infected the computers of people who visited the website and required them to purchase antivirus software for $49.95 to regain control of their computers. If the users did not purchase the software, their computers immediately became inundated with pop-ups containing fraudulent “security alerts,” and all information, data and files stored on the computers became inaccessible.

Sahurovs allegedly conducted the same fraudulent advertising and infection scheme against numerous online businesses. }

There is a $50,000 reward for him.

The criminals are always “working”; are you preparing?

