U.S. Markets close in 5 hrs 4 mins

Cybersecurity Experts Expect A Major Hack Of US Banks Early Next Year

Michael Kelley

Hackers may mount a massive cyberattack to siphon money from 30 U.S. banks early next year , according to a new cybersecurity report by McAfee labs.

The report, "Analyzing Project Blitzkrieg, a Credible Threat," details how a hacker named vorVzakone (i.e. “thief in law”) posted a call to cyberarms on a Russian-language forum in September, claiming that the “most substantial organized-banking Trojan operation seen to date” would soon begin.

The attack involves software that creates fake bank transactions or skims a portion of large bank transfers, the report said, and McAfee network security expert Pay Calhoun told CNN that  300 to 500 devices in the U.S. have already been infected.

“It is a very clever way of doing something," Hemanshu Nigam, chief executive of cybersecurity firm SSP Blue,  told The Washington Post . " It utilizes the same protocols designed to protect you to harm you.” 

McAfee discovered that   the malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, leading them to conclude that  the threat is both real and accelerating .

The forum post listed rules of engagement of the planned attack and said the Trojan has been in development since 2008 and a single team had successfully transferred $5 million with it.

The targeted banks reportedly include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One and Navy Federal Credit Union.

"Since we know about it, we will be able to protect against it," Calhoun told CNN. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it."

In June McAfee found that a cyberattack dubbed "Operation High Roller" has siphoned as much as $2.5 billion from bank accounts in Europe, the U.S. and Colombia. In September hackers (reportedly backed by Iran)  disrupted the consumer sites of  Bank of America  and JPMorgan Chase for weeks with a new  cyberweapon called "itsoknoproblembro."

SEE ALSO: How The US Invited Iranian Hackers To Attack America's Banks

More From Business Insider