NEW YORK (6/3/13)--Banks and credit unions that were hit earlier this year by a series of distributed denial of service (DDoS) attacks on their online banking sites may have seen nothing yet. The next wave of attacks will include using hijacked "botnets" of unsuspecting consumers' mobile phones to unleash attacks on call centers, web servers, financial accounts and even the stock market.
Smartphones are a quieter but more serious threat to financial institutions because mobile malware can be used to conduct telephony denial of service (TDoS) attacks--with high volumes of calls that tie up the target's system so it cannot receive legitimate calls--as well as steal mobile banking credentials to withdraw funds from accounts, said the American Banker.
Authorities, including the Department of Homeland Security, in April were investigating an extortion scheme that hit public safety communications, hospitals and ambulance services. The scheme started with a phone call to an organization from someone claiming to be a collections company for payday loans. The caller, often with an accent, asked to speak with an employee about outstanding debt. If he didn't get payment, he launched a TDoS attack, with a continual stream of calls for an extended time that prevented legitimate incoming and outgoing calls.
A caller could use the TDoS attack in combination with Zeus or Zitmo malware against a financial institution's contact center, said Frost & Sullivan Principal Consultant Jarad Carleton in the article. The malware would coordinate a botnet of thousands of consumer smartphones--without the phone owners' knowledge--with TDoS attacks on call centers or web servers.
Other related frauds include:
- Hijacking a mobile phone to call an organization's Information Technology department to change passwords. The caller ID would be proof of identification, and the consumer would be blamed.
- Installing malware on consumers' phones to intercept SMS messages and reroute them to a hacker, who transfers funds from the consumers' accounts.
- Targeting company CEOs and using phones to eavesdrop on conversations or employing the phone's camera to watch. Once they capture the intelligence they want, the hackers can manipulate the stock market with a buying or selling spree, the article concluded.