Cybercriminals increasingly use online banking fraud automation techniques
Cybercriminals combine traditional banking malware with server-hosted scripts to automate online bank fraud, researchers say
IDG News Service - Cybercriminals attempted to steal at least $75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication, according to a report released on Monday by antivirus firm McAfee and online banking security vendor Guardian Analytics.
The new fraud automation techniques are an advancement over the so-called man-in-the-browser (MitB) attacks performed through online banking malware like Zeus or SpyEye.
Banking malware has long had the ability to inject rogue content such as forms or pop-ups into online banking websites when they are accessed from infected computers. This feature has traditionally been used to collect financial details and log-in credentials from victims that could be abused at a later time.
However, attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time, McAfee and Guardian Analytics researchers said in their report.
The externally hosted scripts called by the malware are designed to work with specific online banking websites and automate the entire fraud process. They can read account balances and transfer predefined sums to money mules -- intermediaries -- the selection of which is also done automatically by querying a constantly updated database of money mule accounts, the researchers said.
This type of automated attacks, which the McAfee and Guardian Analytics researchers collectively call "Operation High Roller," were first observed in Europe -- in Italy, Germany and the Netherlands. However, since March they have also been detected in Latin America and the U.S.
By extrapolating the data gathered from the European attacks, security researchers estimate that cybercriminals attempted to steal between $75 million and $2.5 billion using fraud automation techniques.
Such attacks usually target high-balance accounts owned by businesses or high net-worth individuals, the researchers said. "The United States victims were all companies with commercial accounts with a minimum balance of several million dollars."
The fraud automation scripts also allow cybercriminals to bypass two-factor authorization systems implemented by banks for security purposes.
The malware intercepts the authentication process and captures the one-time password generated by the victim's bank-issued hardware token and uses it to perform the fraud in the background. Meanwhile, the user is shown a "please wait" message on the screen.
"The defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters," the researchers said. "Financial institutions must take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts