The Washington Post

Cybersecurity firm identifies ‘credible threat’ to 30 U.S. banks

A report from McAfee Labs says hackers could create fake bank transactions, or skim a portion of high-dollar bank transfers. (Jeffrey MacMillan)

Hackers may stage a massive fraud attack on 30 U.S. national, investment and regional banks early next year, according to a new cybersecurity report.

The report, scheduled to be released Thursday by McAfee Labs, warns the financial industry to be wary of software that creates fraudulent online banking transactions. Hackers could create fake bank transactions, or skim a portion of high-dollar bank transfers, the report said.

The report links the threat to a program called Project Blitzkrieg, which hackers say has been in development since 2008 and has already stolen $5 million. The attacks have now reached the United States, Mc­Afee reports. There have been 300 to 500 U.S. victims in the past couple of months, and the effort could reach full strength by spring, said Pat Calhoun, a network security expert at McAfee.

The McAfee report backs up an October report from cybersecurity firm RSA that said a Russia-based hacker nicknamed “vorVzakone” was recruiting for the “most substantial organized-banking Trojan operation seen to date.” In an unusual move, vorVzakone publicly discussed his plans on Web forums and in videos, leading some to believe that effort was simply a law enforcement trap.

McAfee found that the threat is not only real, but accelerating.

The software can mimic valid banking transactions and even intercept tracking e-mails consumers use to flag suspicious activity. Calhoun said hackers could target high-dollar transactions, making it more likely that small discrepancies will be overlooked.

“It is a very clever way of doing something. It utilizes the same protocols designed to protect you to harm you,” said Hemanshu Nigam, chief executive of cybersecurity firm SSP Blue.

Hackers have increasingly targeted U.S. banks in recent months. In September, hackers flooded the consumer sites of Bank of America and JPMorgan Chase with traffic, causing them to crash.

Nigam said hackers may use such attacks to understand bank security protocols and designs.

Doug Johnson of the American Bankers Association said financial institutions are aware of these threats and rely on information from the public and private sectors to stay prepared.

Hayley Tsukayama covers consumer technology for The Washington Post.
Show Comments
Most Read
Failed to render /WEB-INF/jsp/features/most/sidebar/feature.jsp. Cause: An exception occurred processing JSP page /WEB-INF/jsp/features/most/sidebar/feature.jsp at line 116 113: ${globemail} 114: 115: 116: <%=list.get(0) %> 117: 118: 119: <%=list.get(1) %> Stacktrace:. See Server Logs for detail.
DJIA -2.24%
NASDAQ -3.02%
Last Update: 1:43 PM 02/08/2016(DJIA&NASDAQ)



Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.