Cybercriminals Use Online Banking Fraud Automation Techniques
Cybercriminals combine traditional banking malware with server-hosted scripts to automate online bank fraud, researchers say.
Cybercriminals attempted to steal at least US$75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication, according to a report released by antivirus firm McAfee and online banking security vendor Guardian Analytics.
Banking malware has long had the ability to inject rogue content such as forms or pop-ups into online banking websites when they are accessed from infected computers. This feature has traditionally been used to collect financial details and log-in credentials from victims that could be abused at a later time.
However, attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time, McAfee and Guardian Analytics researchers said in their report.
Attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time
The externally hosted scripts called by the malware are designed to work with specific online banking websites and automate the entire fraud process. They can read account balances and transfer predefined sums to money mules -- intermediaries -- the selection of which is also done automatically by querying a constantly updated database of money mule accounts, the researchers said.
This type of automated attacks, which the McAfee and Guardian Analytics researchers collectively call "Operation High Roller," were first observed in Europe -- in Italy, Germany and the Netherlands. However, since March they have also been detected in Latin America and the U.S.
By extrapolating the data gathered from the European attacks, security researchers estimate that cybercriminals attempted to steal between $75 million and $2.5 billion using fraud automation techniques.
Such attacks usually target high-balance accounts owned by businesses or high net-worth individuals, the researchers said. "The United States victims were all companies with commercial accounts with a minimum balance of several million dollars."
The fraud automation scripts also allow cybercriminals to bypass two-factor authorization systems implemented by banks for security purposes.
The malware intercepts the authentication process and captures the one-time password generated by the victim's bank-issued hardware token and uses it to perform the fraud in the background. Meanwhile, the user is shown a "please wait" message on the screen.
"The defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters," the researchers said. "Financial institutions must take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices."
Researchers at USENIX Security '14 are sharing the latest findings in security and privacy, and here are 5 that are particularly interesting.
Not enough manpower and too much data growth.
IBM has signed a five-year multi-million dollar agreement credit information provider, Veda, in A/NZ.
Telstra's Cloud Collaboration service is scheduled to go live globally at the end of the August, with four nodes to provide access to 25 countries across the telecommunications provider's network of more than 2500 points of presence (PoPs).