Security researchers have identified an ongoing wave of cloud-based, automated attacks targeting high-balance accounts worldwide.
According to a joint report issued by Guardian Analytics and McAfee, the digital campaign is actively targeting American financial institutions and has already netted nearly $80 million around the globe.
The attacks apparently kicked off in Europe earlier this year and were spotted in the US starting in March. Key characteristics are as follows:
- Server-side automation – Delivers instructions from fraudsters’ cloud-based servers (“server-side”) instead of being pre-loaded onto the victims’ computers as part of the initial malware infection (“client-side”).
- High level of automation – Captures one-time passwords, checks account balance, initiates transactions, and checks a mule database to find an active mule account, all without fraudsters’ active participation.
- Hiding the evidence – A relatively small number of attacks on high-balance accounts is an attempt to fly under the radar. After the transaction, the malware erases confirmation emails, prevents printing of statements, and changes transaction values to match what the victim expects to see.
“The innovative, sophisticated nature of this scheme further escalates the importance of implementing layered security, including anomaly detection solutions that have been proven to be able to detect these attacks,” the researchers warned.
Meanwhile, Sam Kiley of Sky News has confirmed that credit unions, large multinational banks and regional banks have all been attacked.
“They have identified 60 different [attack] servers, many of them in Russia, and they have identified one alone that has been used to steal 60m euro,” he said. “There are dozens of servers still grinding away at this fraud – in effect stealing money.”