Researchers have observed a new attack technique using which hackers from post-Soviet countries have so far managed to steal up to $100 million from various banks.
Hackers are increasingly leveraging the overdraft facility offered by banks to open accounts and steal millions from unsuspecting banks.
Security researchers at Trustwave have discovered a new and sophisticated attack technique using which hackers are stealing money from banks without being observed. The new technique is so ingenuine that a majority of affected banks didn’t realise they were swindled until they were alerted by third-party processors.
To make the attack appear genuine at first, the researchers observed that hackers were using people as mules to approach banks and get new accounts opened by submitting counterfeit documents.
After new accounts were opened, the account holders then requested debit cards for their accounts and also requested for overdraft facility to be activated. Once they received their debit cards, they distributed the cards to international conspirators located in several post-Soviet countries.
The hacker steps in
Once all the conspirators receive their cards, a hacker, who has already breached the target bank’s network, manipulates the debit cards’ features to enable a high overdraft level and also deactivates anti-fraud controls if there are any. Once this operation is completed, the international conspirators visit such banks’ ATMs and use the overdraft facility to withdraw large sums of money.
According to the researchers, the hackers have managed to steal between $3 million and $10 million in every heist, with the average amount around $5 million.
To breach networks of target banks, the said hackers send phishing emails to bank employees with malicious attachments which, if downloaded, open backdoors for the hacker to enter the bank’s network. Once a hacker gets inside a network, he proceeds to attack the third-party processor’s network which is usually connected to the bank’s network, making the job easier.
Having compromised the third-party processor’s network, the hacker captures credentials and then compromises the Enterprise Admin account which gives him complete unhindered access into the infrastructure.
‘We believe that the attack described in this report represents a clear and imminent threat to financial institutions in European, North American, Asian and Australian regions within the next year. Currently the attacks are localized to
the Eastern European and Russian regions. However, in cybercrime, this area is often the canary in the mineshaft for upcoming threats to other parts of the world,’ said researchers at Trustwave.
‘Our investigations have revealed victim losses currently around approximately USD$40 million. However, when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD. All global financial institutions should consider this threat seriously and take steps to mitigate it,’ they added.