McAfee: New Attacks Automate Online Banking Fraud

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

McAfee and Guardian Analytics recently published a joint report [PDF file] examining a new online fraud campaign they call "Operation High Roller."

"McAfee said that cyber criminals are increasingly looking at using automated systems to mount attacks, thus making the activity an increasingly lucrative business," writes The Inquirer's Lee Bell.

"The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multifaceted automation in a global fraud campaign," writes McAfee's David Marcus. "Building on established Zeus and SpyEye malware tactics, this ring adds many breakthroughs: bypasses for physical 'chip and pin' authentication, automated 'mule' account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000)."

"The externally hosted scripts called by the malware are designed to work with specific online banking websites and automate the entire fraud process," writes PCWorld's Lucian Constantin. "They can read account balances and transfer predefined sums to money mules -- intermediaries -- the selection of which is also done automatically by querying a constantly updated database of money mule accounts, the researchers said."

"The majority of attacks appear to have taken place across European banking systems, but McAfee warns that it has found evidence of attacks at Latin American and North American financial institutions too," writes The Verge's Tom Warren. "The company is warning that 60 servers have been processing thousands of attempted thefts from high-value accounts over a period of months, resulting in attempts to steal at least €60 million (US$78 million). McAfee says that if all the attempted fraud attacks were successful then the total attempted fraud could be as high as €2 billion ($2.49 billion)."