What is a way to make hundreds of hacks possible with online banking?

ByStian Eikeland

Although I do not have to bother to go to the store or ATM, I can easily transfer from my home to the bank and balance inquiries with online banking, but due to the high-tech bank robbery via the new pattern net that stuck the weak point, The possibility that hundreds of millions of accounts are hacked and the threat of the near future will be revealed.

2012 Threatscape Report
(pdf)http://www.secureworks.com/assets/pdf-store/other/2012.threatscape.report.pdf

Fraudsters target "wire payment switch" at banks to steal millions - SC Magazine
http://www.scmagazine.com/fraudsters-target-wire-payment-switch-at-banks-to-steal-millions/article/307755/

Until now, hacking of bank accounts has taken the approach of acquiring the user's login information and accessing the account to withdraw money,DDoSThere is a report that a new method using attacks has been reported, and besides, in a system that executes and manages electronic remittance by sending malware to the e-mail address of a bank clerk and infecting the computer The hand that access is used.

ByDon Hankins

As the name of the toolkit to infect malwareDirt JumperAre listed. In April 2013Dell SecureWorksAccording to the report released, Dirt Jumper is a C2 botnet dedicated to HTTP-based DDoS attacks, when infected it can attack from domains and IP addresses and can execute new threads from all tasks This seems to make it possible to extract and manipulate certificates necessary for access while delaying or consolidating machines with DDoS attacks. This is a kit that can be purchased for 200 dollars (about 20,000 yen), the fraud organization tested bankers and connected remittance routes to banks such as Russia, Cyprus and China, although attempted, 18 There were also plans to transfer as much as $ 2.1 million (about 200 million yen) from ten thousand dollars (about 17.7 million yen).

By@ Superamit

The damage caused by this Dirt Jumper is spreading internationally, especially intensively attacked in Ukraine, the United States, Russia. At the stage of September 2012 FBI,FS-ISAC(Information sharing analysis center of American financial industry),IC3(Net crime report center), a joint alert declaration against Dirt Jumper has been announced. Bank employees created remote access routes from phishing e-mails, keyloggers, and stolen certificates such as bank customer information. Despite the fact that there was no announcement, the confirmed fact reveals that the accounts with the highest balance were accessed from multiple browsed accounts.

By* Seth

It is a company that conducts research and advice in IT fieldGartnerofAvivah LitanSaid that at least three banks in the United States had "low power DDoS attacks" over the past few months. The attack was done to divert bank attention and resources from hacking. The name of the damaged bank is hidden.

ByRobbert van der Steeg

The bank did not assume that the system portion of the electronic remittance will be attacked until the customer receives a report from the customer that the account is being hacked. As the site of the remittance service is downed by attacks, the bank loses trust at the same time as money and the security team seems to panic as to what priority should be taken. As a countermeasure to minimize the damage by banks, Mr. Litan suggests that money receipt and remittance systems should be slowed down while receiving DDoS attacks.

ByPhotosteve101

It seems that serious damage has not yet reached the surface, but the current situation is that alerts are required around the world as a tool kit that enables massive remittances is on the market, even if it is online banking It is also necessary to acknowledge the fact that damage by "bank robbery" is possible.

In Japan, the attack which aimed at the password usage finally started to increase rapidly, but in the near future, as the online banking site itself like overseas itself is approaching a large scale of attacks , It is likely that damages are less likely to be distributed to multiple accounts rather than depositing them all in a single account. In that case, again, it is important to take security measures on their own by using password manager or one-time authentication for each site.