Cybercriminals Use Online Banking Fraud Automation Techniques
Cybercriminals combine traditional banking malware with server-hosted scripts to automate online bank fraud, researchers say.
Cybercriminals attempted to steal at least US$75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication, according to a report released by antivirus firm McAfee and online banking security vendor Guardian Analytics.
Banking malware has long had the ability to inject rogue content such as forms or pop-ups into online banking websites when they are accessed from infected computers. This feature has traditionally been used to collect financial details and log-in credentials from victims that could be abused at a later time.
However, attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time, McAfee and Guardian Analytics researchers said in their report.
Attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time
The externally hosted scripts called by the malware are designed to work with specific online banking websites and automate the entire fraud process. They can read account balances and transfer predefined sums to money mules -- intermediaries -- the selection of which is also done automatically by querying a constantly updated database of money mule accounts, the researchers said.
This type of automated attacks, which the McAfee and Guardian Analytics researchers collectively call "Operation High Roller," were first observed in Europe -- in Italy, Germany and the Netherlands. However, since March they have also been detected in Latin America and the U.S.
By extrapolating the data gathered from the European attacks, security researchers estimate that cybercriminals attempted to steal between $75 million and $2.5 billion using fraud automation techniques.
Such attacks usually target high-balance accounts owned by businesses or high net-worth individuals, the researchers said. "The United States victims were all companies with commercial accounts with a minimum balance of several million dollars."
The fraud automation scripts also allow cybercriminals to bypass two-factor authorization systems implemented by banks for security purposes.
The malware intercepts the authentication process and captures the one-time password generated by the victim's bank-issued hardware token and uses it to perform the fraud in the background. Meanwhile, the user is shown a "please wait" message on the screen.
"The defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters," the researchers said. "Financial institutions must take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices."
The company is mulling how to tell businesses about rapid-fire changes to the new OS
Cumulative Update 5 for Windows 10 Home corrects an issue that made it impossible to disable automatic app updates through the Windows Store.
Third-party data supports Microsoft's claim that Windows 10 is off to a strong start
The case shows how wide a net officials have cast in prosecuting online activities related to ISIS