Report – Dissecting Operation High Roller | Massive Cyber Attack in USA, Europe and Latin America Siphons $2.5 Billion From Banks
Massive Cyber Attack in USA, Europe and Latin America Siphons $2.5 Billion From Banks
Dissecting Operation High Roller
How the high-tech mantra of “automation and innovation” helps a multi-tiered global fraud ring target high net worth businesses and individuals. Building on established Zeus and SpyEye tactics, this ring adds many breakthroughs: bypasses for physical multi-factor authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia.
McAfee and Guardian Analytics have uncovered a highly sophisticated, global financial services fraud campaign that has reached the American banking system. As this research study goes to press, we are working actively with international law enforcement organizations to shut down these attacks.
Unlike standard SpyEye and Zeus attacks that typically feature live (manual) interventions, we have discovered at least a dozen groups now using server-side components and heavy automation. The fraudsters’ objective in these attacks is to siphon large amounts from high balance accounts, hence the name chosen for this research: Operation High Roller.
With no human participation required, each attack moves quickly and scales neatly. This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term “organized crime.”
This study found 60 servers processing thousands of attempted thefts from high-value commercial accounts and some high net worth individuals. As the attack shifted emphasis from consumers to businesses, mule business accounts allowed attempted transfers averaging in the thousands of Euros, with some transfers as high as €100,000 (US$130,000)1. Three distinct attack strategies have emerged as the targets have expanded from the European Union, to Latin America, to the United States.
Debunking the popular wisdom that only big banks are affected, the research documents attacks at every class of financial institution: credit union, large global bank, and regional bank. So far, we estimate the criminals have attempted at least €60 million (US$78 million) in fraudulent transfers from accounts at 60 or more financial institutions (FIs). If all of the attempted fraud campaigns were as successful as the Netherlands example we describe in this report, the total attempted fraud could be as high as €2 billion.2
Full report below…