Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Market
DoS Attacks' Next Target: Cell Phones
NEW YORK (6/3/13)--Banks and credit unions that were hit earlier this year by a series of distributed denial of service (DDoS) attacks on their online banking sites may have seen nothing yet. The next wave of targets will include using hijacked "botnets" of mobile phones of unsuspecting consumers to unleash attacks on call centers, web servers, financial accounts and even the stock market.

Smartphones are a quieter but more serious threat to financial institutions because mobile malware can be used to conduct telephony denial of service (TDoS) attacks--with high volumes of calls that tie up the target's the system so it cannot receive legitimate calls-- as well as steal mobile banking credentials to withdraw funds from accounts,  said the American Banker (May 30).

Authorities, including the Department of Homeland Security, in April were investigating an extortion scheme that hit public safety communications, hospitals and ambulance services. The scheme started with a phone call to an organization from someone claiming to be a collections company for payday loans. The caller, often with an accent, asked to speak with an employee about outstanding debt. If he didn't get payment, he launched a TDoS attack, with a continual stream of calls for an extended time that prevented legitimate incoming and outgoing calls.

A caller could use the TDoS attack in combination with Zeus or Zitmo malware against a financial institution's contact center, said Frost & Sullivan Principal Consultant Jarad Carleton in the article. The malware would coordinate a botnet of thousands of consumer smartphones--without the phone owners' knowledge-- with TDoS attacks on call centers or Web servers.

Other related frauds include:

  • Hijacking a mobile phone to call an organization's Information Technology department to change passwords. The caller ID would be proof of identification, and the consumer would be blamed.
  • Installing  malware on consumers' phones to intercept SMS messages and reroute them to a hacker, who transfers funds from the consumers' account.
  • Targeting company CEOs and using phones to eavesdrop on conversations or employing the phone's camera to watch. Once they capture the intelligence they want, the hackers can manipulate the stock market with a buying or selling spree, the article concluded.
RSS





print
News Now LiveWire
Registration lottery for #CreditUnion #CherryBlossom Ten Mile Run opens Monday, Dec. 1 http://t.co/AGkKPof5Fy. Race is April 12
3 hours ago
The turkey hasn't even been served and #creditunions are already making plans for #GivingTuesday
4 hours ago
.@bankofamerica's $16.65 billion 'toxic mortgage' settlement finalized http://t.co/BIq1QyImXG
6 hours ago
RT @CUNA: #NussleReport: ICYMI: Revised RBC proposal in January w/a 90-day comment period #Fix RBC http://t.co/T4JcvWBDse
7 hours ago
.@TheNCUA release on Nov. prohibition orders out already. Here: http://t.co/YkA1QIYbYa
7 hours ago