Cybercriminals increasingly use online banking fraud automation techniques

Cybercriminals combine traditional banking malware with server-hosted scripts to automate online bank fraud, researchers say

Cybercriminals attempted to steal at least US$75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication, according to a report released on Monday by antivirus firm McAfee and online banking security vendor Guardian Analytics.

The new fraud automation techniques are an advancement over the so-called man-in-the-browser (MitB) attacks performed through online banking malware like Zeus or SpyEye.

Banking malware has long had the ability to inject rogue content such as forms or pop-ups into online banking websites when they are accessed from infected computers. This feature has traditionally been used to collect financial details and log-in credentials from victims that could be abused at a later time.

However, attackers are increasingly combining malware-based Web injection with server-hosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time, McAfee and Guardian Analytics researchers said in their report.

The externally hosted scripts called by the malware are designed to work with specific online banking websites and automate the entire fraud process. They can read account balances and transfer predefined sums to money mules -- intermediaries -- the selection of which is also done automatically by querying a constantly updated database of money mule accounts, the researchers said.

These automated attacks, which the McAfee and Guardian Analytics researchers collectively call "Operation High Roller," were first observed in Europe -- in Italy, Germany and the Netherlands. However, since March they have also been detected in Latin America and the U.S.

By extrapolating the data gathered from the European attacks, security researchers estimate that cybercriminals attempted to steal between $75 million and $2.5 billion using fraud automation techniques.

Such attacks usually target high-balance accounts owned by businesses or high net-worth individuals, the researchers said. "The United States victims were all companies with commercial accounts with a minimum balance of several million dollars."

The fraud automation scripts also allow cybercriminals to bypass two-factor authentication systems implemented by banks for security purposes.

The malware intercepts the authentication process, captures the one-time password generated by the victim's bank-issued hardware token, and uses it to perform the fraud in the background. Meanwhile, the user is shown a "please wait" message on the screen.

"The defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters," the researchers said. "Financial institutions must take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices."

Lucian Constantin

IDG News Service