2013-02-21: Cyberheist masked by DDoS
Level Four Attack
A coordinated multi-level attack was launched against a California-based online banking system on Dec 24, 2012, resulting in the theft of $900,000 from a single customer. It was masked by a Distributed Denial of Service attack.
Krebs on Security suggests that this modus operandi resembles several other recent cyberheists, in the millions-of-dollars range. They tend to use a botnet (Zeus) to both remotely-control "money mule" machines and likely also to perform the DDoS to cover their tracks.
I've given this report the first Level Four Attack rating of the Gibson Index, because the monetary damage seems to be fairly high. For a quick comparison, if you assign a $1 valuation to the information of each user stolen from Walla portal's Level Three attack, this cyberheist is approximately 30% larger. The fact that a Level Two attack was used as a distraction tactic also contributes to the higher ranking, as does the fact that there seems to be an ongoing campaign of these sorts of cyberheists.
- Krebs on Security: DDoS Attack on Bank Hid $900,000 Cyberheist