McAfee Global Threat Intelligence shows a vorVzakone malware campaign that targeted victims across the U.S. during a two-month period, with the latest victim infected on October 25.
The wave of distributed denial of service attacks that hit U.S. banks in October was next to nothing compared to what could happen if cybercriminals actually carry through with their plans for next year.
According to a report (PDF) released today by McAfee Labs, an impending attack on U.S. financial institutions — dubbed Project Blitzkrieg — isn't only a possibility, it's a "credible threat."
"McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned," the report reads. "Although Project Blitzkrieg hasn't yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred."
Project Blitzkrieg is believed to be headed by an individual known as vorVzakone, according to McAfee. In September, vorVzakone announced a massive fraud campaign to be launched against 30 U.S. banks in spring 2013. VorVzakone also put out a call to arms for fellow hackers to join his cause. The attacks are said to rely on a highly developed Trojan that could infect victims' computers, plant software, and allow cybercriminals to steal information and money.
Although several security analysts doubt the legitimacy of vorVzakone's claims or believe the campaign was called off since it became public, McAfee still believes the threat exists. Security researchers for the company were able to find evidence of vorVzakone using a Trojan a couple of months ago that infected between 300 and 500 victims' computers throughout the U.S.
Rather than being a sweeping attack, McAfee said the campaign will selectively target accounts at investment banks, consumer banks, and credit unions. Going after selected groups makes it easier for vorVzakone to stay under the radar and not be detected by network defenses, according to McAfee.
"This attack combines both a technical, innovative backend with the tactics of a successful, organized cybercrime movement," McAfee's report reads. "If the aims of Project Blitzkrieg, as vorVzakone has claimed, become fully realized by spring 2013, the financial industry needs to be prepared."