Carl Herberger, vice president of security solutions at security firm Radware said, “If I’m a small band of thugs and I’ve been using handguns and rifles, I’ve now given myself electronic access to major weapons systems.” Among the tools used for the cyber attacks on banks in the U.S. a major tool is a variant of a malware found by security firms in “labs in Saudi Arabia,” though it is “slightly different” from that used by the attackers.
What is yet not known is whether the malware originated in Saudi Arabia or the entire thing was coincidental. Herberger said, “Whether or not it originated there is anybody’s guess.” Radware’s finds suggests that other servers around the world may be affected by the malware and this might not be the end to the attacks.
In a major digression from normal malware, the variant used in the cyber attacks has been created to live on servers rather than on desktops, indicating clearly that the malware was meant to affect institutional systems rather than individual users. Herberger also observed that the attacks are originating from independent data centers within trusted networks of banks. “This is causing some consternation,” he said.
National security officials, however, think that Iran’s secret cyber attack force is behind the attack. On the other hand, this week, Iran has denied any involvement in the matter and said its own communication companies had been hit by a cyber attack.
The recent attacks on U.S. banks have flummoxed private cyber-security professionals, who are taken aback by the power and scale of the attacks. Organizations affected by the attacks include Chase, BofA, USB, PNC, and NYSE Euronext’s New York Stock Exchange.