Hackers may stage a massive fraud attack on 30 US national, investment and regional banks early next year, according to a new cybersecurity report.
The report, scheduled to be released Thursday by McAfee Labs, warns the financial industry to be wary of software that creates fraudulent online banking transactions. Hackers could create fake bank transactions, or skim a portion of high-dollar bank transfers, the report said.
The report links the threat to a program called Project Blitzkrieg, which hackers say has been in development since 2008 and has already stolen $5 million. The attacks have now reached the United States, McAfee reports. There have been 300 to 500 U.S. victims in the past couple of months, and the effort could reach full strength by spring, said Pat Calhoun, a network security expert at McAfee.
The McAfee report backs up an October report from cybersecurity firm RSA that said a Russia-based hacker nicknamed "vorVzakone" was recruiting for the "most substantial organized-banking Trojan operation seen to date." In an unusual move, vorVzakone publicly discussed his plans on Web forums and in videos, leading some to believe that effort was simply a law enforcement trap.
McAfee found that the threat is not only real, but accelerating.
The software can mimic valid banking transactions and even intercept tracking e-mails consumers use to flag suspicious activity. Calhoun said hackers could target high-dollar transactions, making it more likely that small discrepancies will be overlooked.
"It is a very clever way of doing something. It utilizes the same protocols designed to protect you to harm you," said Hemanshu Nigam, chief executive of cybersecurity firm SSP Blue.
Hackers have increasingly targeted U.S. banks in recent months. In September, hackers flooded the consumer sites of Bank of America and JPMorgan Chase with traffic, causing them to crash.
Nigam said hackers may use such attacks to understand bank security protocols and designs.
Doug Johnson of the American Bankers Association said financial institutions are aware of these threats and rely on information from the public and private sectors to stay prepared.