What is a Salami Attack?
A salami attack is a series of small attacks that add up to one major attack, which can go undetected due to the nature of this type of cyber crime. It is also known as salami slicing. Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well. The attacker uses an online database to seize customers' information, that is, bank or credit card details, and deducts very small amounts from every account over a period of time. The customers remain unaware of the slicing, so no complaint is lodged, which keeps the hacker from being detected.
Salami Attack Incidents
In January 1993, four executives of a rental-car franchise in Florida were charged with defrauding at least 47,000 customers using a salami technique.
In Los Angeles, in October 1998, district attorneys charged four men with fraud for allegedly installing computer chips in gasoline pumps that cheated consumers by overstating the amounts pumped.
In 2008, a man was arrested for fraudulently creating 58,000 accounts which he used to collect money through verification deposits from online brokerage firms a few cents at a time. While opening the accounts and retaining the funds may not have been illegal by themselves, the authorities charged that the individual opened the accounts using false names (including those of cartoon characters), addresses, and social security numbers, thus violating the laws against mail fraud, wire fraud, and bank fraud.
How to identify the salami attack
The only way to detect a salami attack, according to me, is to perform rigorous white-box testing by checking each and every line of code, which is exhaustive, but that's the only way.
a) The corporation has to raise the security of the system as high as possible, so that if the attacker is taking advantage of any loophole, then that bug is patched and the attack is avoided.
b) Banks should also advise customers to report any kind of money deduction that they were not aware of. Whether the amount is small or big, banks should encourage customers to come forward, and should tell them openly that such a deduction could very well be an act of fraud.
c) Most important, according to me, is that customers should ideally not store information online when it comes to bank details, but of course they can't help the fact that banks rely on a network that has all customers hooked onto a common platform of transactions that requires a database. The safe thing to do is to make sure the bank/website is highly trusted and hasn't been part of a slanderous past that involved fraud in any way.
This attack is not limited to banks; it can target any entity where slicing can be performed and people are kept unaware of the crime.
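The pattern described above, very small deductions taken from many accounts over a period of time, can also be looked for in the transaction records themselves. The following is an added example, not part of the original article: the record layout, the account names, the sample ledger and the thresholds (`max_slice`, `min_sources`) are all assumptions made for illustration.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed sample data: (date, source_account, destination_account, amount)."""
    ledger = []
    customers = [f"CUST-{n:03d}" for n in range(1, 9)]
    for day in ("2024-03-01", "2024-03-02", "2024-03-03"):
        for cust in customers:
            ledger.append((day, cust, "ACCT-9001", "0.03"))    # the repeated slice
            ledger.append((day, cust, "UTILITY-CO", "42.10"))  # ordinary bill payment
    # A few genuine small purchases that should not be flagged.
    ledger.append(("2024-03-02", "CUST-001", "COFFEE-SHOP", "0.45"))
    ledger.append(("2024-03-03", "CUST-002", "COFFEE-SHOP", "0.40"))
    return ledger


def find_salami_candidates(ledger, max_slice=Decimal("0.50"), min_sources=5):
    """Flag destinations that collect small debits from many distinct accounts.

    A single small debit means nothing; the signal is the aggregate: one
    destination, many sources, every amount at or below max_slice.
    """
    stats = defaultdict(lambda: {"sources": set(), "days": set(),
                                 "total": Decimal("0"), "debits": 0})
    for day, src, dst, amount in ledger:
        amount = Decimal(amount)  # Decimal avoids float rounding on cent values
        if Decimal("0") < amount <= max_slice:
            entry = stats[dst]
            entry["sources"].add(src)
            entry["days"].add(day)
            entry["total"] += amount
            entry["debits"] += 1

    findings = [
        {"destination": dst, "distinct_sources": len(e["sources"]),
         "days_active": len(e["days"]), "debits": e["debits"], "total": e["total"]}
        for dst, e in stats.items() if len(e["sources"]) >= min_sources
    ]
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_candidates(build_sample_ledger()):
        print(finding)
```

Each flagged destination is a lead to review against the accounts' authorised payees, not proof of fraud; the thresholds need tuning to the institution's normal volume of small transactions.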
Source : wegilant.com