Security Bytes

Jun 27 2012   9:55PM GMT

Operation High Roller: Server-side automation in online bank fraud



Posted by: Marcia Savage
Tags:
banking Trojan
cyberattacks
Information Security Threats
SpyEye
Zeus Trojan

I’ve covered a lot on online bank fraud in the past – there seems to be no end to the increasingly sneaky techniques cybercriminals develop to siphon money out of victims’ bank accounts. This week, McAfee Inc. and Guardian Analytics Inc. released the findings of their investigation into a global fraud ring that takes the old techniques up a notch.

In their report, “Dissecting Operation High Roller” (.pdf), the companies report cybercriminals — building on older Zeus and SpyEye tactics – are targeting high-balance bank accounts belonging to businesses and individuals. Unlike past online bank fraud attacks using Zeus and SpyEye, though, these new attacks use server-side components and heavy automation. According to the report, the attacks have been mostly in Europe, but are now spreading to the U.S.

Criminals have tried to steal more than $78 million in fraudulent transfers from at least 60 financial institutions, including large global banks, credit unions and regional banks, the report said.

In a blog post, Dave Marcus, director of advanced research and threat intelligence at McAfee, noted that by shifting from traditional man-in-the-browser attacks on a victim’s PC to server-side automation attacks, criminals have moved from multipurpose botnet servers to cloud-based servers that are purpose-built and dedicated to processing fraudulent transactions. The strategy, he said, helps criminals move faster and avoid detection.

The report describes attacks in the U.S. and The Netherlands as using a server located with an ISP with “crime-friendly usage policies” and moved frequently to avoid discovery.

All pretty unsettling stuff, suffice to say. And, according to the report, financial institutions can expect even more automated and creative forms of fraud in the future.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: