ThreatPost – (International) Cybercrime gang recruiting botmasters for large-scale MiTM attacks on American banks. A slew of major American banks may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers, ThreatPost reported October 4. RSA’s FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang is actively recruiting up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime group has recruited outsiders to participate in a financially motivated attack, said a cybercrime communications specialist for RSA FraudAction. The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training in how to deploy the Gozi Prinimalka Trojan. Also, the gang will only share executable files with their partners, and will not give up the Trojan’s compilers, keeping the recruits dependent on the gang for updates. With this kind of scale, banks could be facing up 30 times the number of compromised machines and fraudulent transfers as the average attack, if the campaign is successful. As many as 30 banks have been targeted, many of them well known and high profile. RSA said the gang is targeting American banks because of past success in beating their defenses, as well as a lack of two-factor authentication required for transfers.
