Wednesday, June 27, 2012

Operation High Roller Attempts to Hack Banks for Billions, Nets at Least $80 Million so Far

First up, Network World:

International fraud ring said to use automated techniques to steal $78 million from banks, commercial accounts, according to McAfee and Guardian Analytics report
A global fraud ring has been targeting high net-worth businesses and individuals has netted the criminals an estimated $78 million (60 million euros). 

According to McAfee and Guardian Analytics which today issued a report on the fraud, "Dissecting Operation High Roller," the attacks, first identified this winter, have hit 60 or more institutions and the total amount stolen may in fact be may be much higher.

The two security firms say they have tracked "at least a dozen groups" that are relying on "server-side components and heavy automation" with about 60 servers processing thousands of attempted thefts from commercial accounts and the rich. This appears to be happening mainly in the European Union countries, though there's also evidence of it in Latin America and the U.S. These attacks are said to differ from the known malware-based SpyEye and Zeus attacks in that they are far more automated and usually done without human intervention.

"The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign," said Dave Marcus, McAfee director of advanced research and threat intelligence.

McAfee and Guardian Analytics first spotted evidence of these crime activities in late January in an attack on a bank in Germany in which the victim log data on the server "showed the fraudsters compromised 176 accounts and attempted to transfer nearly one million Euros to mule accounts in Portugal, Greece, and the United Kingdom." The average account targeted held about 509,000 euros.

An attack against the German bank was highly automated, and in their report, the security firms say they had seen something similar in an earlier attack on a bank in Italy that involved SpyEye and Zeus malware to transfer funds but was more automated than anything they'd seen before.

The report says all manner of banking institutions have been targeted: credit union, large global bank and regional banks. In March, the fraudsters hit the Netherlands banking system with this newer style of server-side automated attack. They circumvented endpoint security and monitoring tools used for fraud detection at the institution, the report says. The server was based in San Jose, Calif., and has also apparently been used against victims in the U.S. whose accounts contained at least $1 million.

A hit against two banks in the Netherlands reached into more than 5,000 business accounts. The attempted fraud was estimated to be 35.58 million euros. Later in March, the security firms also became aware of attacks in Latin America, where more than a dozen businesses in Colombia were targeted, each having an account balance between $500,000 and $2 million. The server used in this wave of attacks was hosted in La Brea, Calif., though there was evidence of fraudsters logging in from Moscow to "manipulate some of the transactions in an attempt to transfer arbitrary amounts as high as 50% - 80% of the victim's balance." McAfee and Guardian Analytics say they've shared their findings with law enforcement agencies....MORE 
Daily Tech puts a much higher number on the scam:

"High Roller" Hacker Attack is Stealing Hundreds of Millions From the Rich
...II. Sophisticated Cloud-Commanded Malware Hits U.S.

The attacks initially targeted Europe, but have since spread to the U.S. and Columbia.  The hardest hit region in Europe, according to McAfee is the Netherlands, which suffered over €141M ($175M USD).  However attacks in the U.S. are also escalating with 8 to 10 malware variants currently attacking 109 businesses.

Texas is the state currently being hardest hit by the attacks.  Numerous account holders in New York, Georgia, and California were also targeted....MORE 


High Roller attacks

Here's the McAfee report (20 page PDF)