Will 2013 Be the Year of the Cyber Threat?

In 2012, terms like “fiscal cliff” and “regulatory burden” became part of the credit union lexicon. With the threat of cyber attacks looming, 2013 may see terms like “Project Blitzkrieg,” “DDos,” and “Shamoom” added to the credit union vernacular—and to the movement’s list of top priorities.

Project Blitzkrieg

On Dec. 13, 2012, the security firm McAfee released a report detailing Project Blitzkrieg and the potential threat of a massive cyber attack on U.S. financial institutions. Project Blitzkrieg is a planned coordinated attack against U.S. financial service customers that is allegedly planned for spring 2013. The McAfee research shows the project to be a real and credible threat.

Project Blitzkrieg is built upon the use of a Trojan program called Gozi Prinimalka. The program is designed to detect when an infected computer accesses a banking website and steal the member’s log-in credentials and other data associated with your member’s account. Once the cybercriminals have identified potential victims with high account balances, they plan to use the stolen information to clone the victims computer, enter the stolen credentials, and initiate money transfers to accounts set up by others participating in the crime. The money mules will then withdraw the funds and transfer them out of the country.

While this type of attack focuses on the member’s computer and not the credit union’s systems, there are still a number of steps credit unions can take to help put a stop to these cybercriminals, according to David Curtis, director of compliance services for the Northwest Credit Union Association (NWCUA).

“One of the first is to advise your members to update their antivirus software and run regular scans of their computers,” Curtis said. “Your members should also report any suspicious message or pop-ups that are not typical of your online banking.”

And according to McAfee, credit unions can also tweak their fraud detection systems to look for behavior not normally associated with your member. Such as foreign IP addresses (although the cloning makes this harder to detect), log-ins at unusual hours (most of your members probably are not accessing their accounts at 3am), or transactions for multiple unrelated accounts going to accounts owned by the same person.

“Another consideration to keep in mind is any fraudulent transfer out of your member’s account due to this attack is considered an unauthorized electronic funds transfer,” Curtis said. “Hence, your member’s liability is limited under Regulation E, and you as the credit union may end up writing off the loss.”

Direct Denial of Service (DDoS)

DDoS made headlines this past fall when “Cyber Fighters of Izz ad-Din al-Qassam” announced that it was going to launch major DDos attacks against targeted U.S. banks. The outcome of these attacks was that several of the banks online services went down, sometimes for several days.

Unlike Project Blitzkrieg, DDoS attacks are focused on the financial institutions systems and not the members. DDoS are simple in concept; they use multiple computers (often Botnets) to send an overwhelming amount of data at the target. With enough data, eventually any system will no longer be able to handle even legitimate requests.

The Cyber Fighters have stated that they will begin launching more attacks against financial institution websites as part of “Operation Ababil.”

“Credit unions will want to check with their IT departments to see what steps they can take to be better prepared for a possible attack,” Curtis said. “A good place to start is checking with providers about the amount of extra traffic that systems can handle and seeing what options are available to bolster those systems in case of an attack.”


In October, U.S. Defense Secretary Leon Panetta stated that the Shamoon virus that attacked Saudi Arabia’s state oil company, ARAMCO, was probably the most destructive attack the business sector has seen to date.

An analysis from the security firm Kaspersky found the attack to be a quick and dirty job. The malware overwrites the master boot record of hard drives and overwrites all the real data on the computer with garbage data.

“While Shamoon far from the league of Stuxnet and Flame malware, the potential downside of an infection to a credit unions systems is something to take seriously,” Curtis said.


Questions? Contact the Compliance Hotline: 1.800.546.4465, compliance@nwcua.org.

Posted in Advocacy News, Around the NW, Compliance News.