Automated malware allows cybercriminals to access accounts worldwide

Jun 27, 2012 12:20 GMT

Guardian Analytics and security firm McAfee have discovered a cybercriminal operation that has drained high-balance bank accounts in the United States, Latin America and countries in the European Union. Because the campaign targets only high-value accounts, it has been dubbed “Operation High Roller.”

Typical attacks built on well-known malware such as ZeuS or SpyEye usually require a lot of hands-on attention from the operator, but in this case the dozen or so groups involved in “Operation High Roller” have been found to rely on heavy automation.

Extensive automation, including server-side automation and automated bypass of physical two-factor authentication, allows the attackers to steal large amounts of money with minimal effort from wealthy individuals, credit unions, regional banks and even large global banks.

Other mechanisms employed by the cybercriminals include techniques to evade security software and fraud detection systems. Multiple “after-the-theft behaviors” designed to hide evidence of the transaction from the victim are also used.

Around 60 servers in charge of processing the theft attempts have been uncovered.

The first attacks were spotted at the beginning of 2012 in Italy. Malware was used to transfer funds from consumer and business accounts to accounts controlled by money mules, or to prepaid debit cards.

After that, the attacks expanded to Germany, the Netherlands, Latin America and then the US.

Some of the targeted accounts held between 250,000 EUR ($310,000) and 500,000 EUR ($620,000), and the total amount of stolen money is estimated at somewhere between 60 million EUR ($74 million) and 2 billion EUR ($2.5 billion).

Some of the targets have been found to have been infected with the bank account–stealing malware since the beginning of the operation, but the cybercriminals also rely on “change your password” spam emails to spread the malware.

McAfee and Guardian Analytics are currently working with law enforcement organizations in an attempt to shut down the attacks.

The complete details of “Operation High Roller” are available here.