Hackers may mount a massive cyberattack to siphon money from 30 U.S. banks early next year, according to a new cybersecurity report by McAfee Labs. The report, “Analysing Project Blitzkrieg, a Credible Threat,” details how a hacker named vorVzakone (i.e. “thief in law”) posted a call to cyberarms on a Russian-language forum in September, claiming that the “most substantial organised-banking Trojan operation seen to date” would soon begin.
The attack involves software that creates fake bank transactions or skims a portion of large bank transfers, the report said, and McAfee network security expert Pat Calhoun told CNN that 300 to 500 devices in the U.S. have already been infected.
“It is a very clever way of doing something,” Hemanshu Nigam, chief executive of cybersecurity firm SSP Blue, told The Washington Post. “It utilizes the same protocols designed to protect you to harm you.”
McAfee discovered that the malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, leading them to conclude that the threat is both real and accelerating.
The forum post listed rules of engagement for the planned attack and said that the Trojan had been in development since 2008 and that a single team had successfully transferred $5 million with it.
The targeted banks reportedly include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One and Navy Federal Credit Union.
“Since we know about it, we will be able to protect against it,” Calhoun told CNN. “We’re working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it.”
In June, McAfee found that a cyberattack dubbed “Operation High Roller” had siphoned as much as $2.5 billion from bank accounts in Europe, the U.S. and Colombia. In September, hackers (reportedly backed by Iran) disrupted the consumer sites of Bank of America and JPMorgan Chase for weeks with a new cyberweapon called “itsoknoproblembro.”