Researchers at McAfee and Guardian Analytics have uncovered a heavily automated, sophisticated fraud operation that may have attempted to steal at least $78 million from bank accounts around the world.
These attacks mainly use three strategies:
Automated consumer attacks
These attacks are delivered through phishing emails that contain a disguised link. When the victim clicks the link, they visit a web page that starts a malicious sequence. The fraud process starts when the account holder subsequently attempts to log into their account from the infected computer.
Automated server-based attacks
This second type of attack moves the fraud logic to the server side to reduce the visibility of the attacker’s logic. The logic runs on a fraudster’s server located at an ISP with crime-friendly usage policies. These servers are moved frequently to avoid discovery. After each move, the web injects are updated to link to the new location.
Hybrid automated/manual attacks against marquee business accounts
To work around extra security controls, a parallel session is used, allowing an override of the fraudster’s self-imposed restrictions so the attackers can steal custom amounts from each account.
Banks and credit unions must implement anomaly detection software. Companies must also boost both security controls and privileged-user education against social engineering and phishing attacks. Finally, consumers, while not the primary targets, should strengthen and maintain endpoint controls (security software, …) and remain alert to unexpected changes when performing online banking transactions.
Since attacks like Operation High Roller use multiple tactics and extensive automation, multiple diverse protections must be deployed to detect and disrupt the different aspects of each attack. (McAfee, 2012)