Hackers are using this new attack technique to swindle millions off banks

Researchers have observed a new attack technique that hackers from post-Soviet countries have so far used to steal up to $100 million from various banks.

Hackers are increasingly leveraging the overdraft facility offered by banks to open accounts and steal millions from unsuspecting banks.

Security researchers at Trustwave have discovered a new and sophisticated attack technique that hackers are using to steal money from banks without being observed. The new technique is so ingenious that a majority of affected banks didn't realise they had been swindled until they were alerted by third-party processors.

Mules

To make the attack appear genuine at first, the researchers observed that hackers were using people as mules to approach banks and get new accounts opened by submitting counterfeit documents.

After the new accounts were opened, the account holders requested debit cards for their accounts and asked for the overdraft facility to be activated. Once they received their debit cards, they distributed the cards to international conspirators located in several post-Soviet countries.

The hacker steps in

Once all the conspirators receive their cards, a hacker, who has already breached the target bank's network, manipulates the debit cards’ features to enable a high overdraft level and also deactivates anti-fraud controls if there are any. Once this operation is completed, the international conspirators visit such banks' ATMs and use the overdraft facility to withdraw large sums of money.
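Detection logic for the pattern described above, as an added example that is not from Trustwave or the original article: it correlates risky card-management changes (a large overdraft increase, anti-fraud controls switched off) with later ATM withdrawals that only the raised limit made possible. The event schema, the thresholds and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names and values are assumptions, not data from the report.
EVENTS = [
    {"ts": "2017-03-01T02:10", "kind": "card_change", "card": "C-1001",
     "field": "overdraft_limit", "old": 500, "new": 35000},
    {"ts": "2017-03-01T02:11", "kind": "card_change", "card": "C-1001",
     "field": "fraud_controls", "old": "on", "new": "off"},
    {"ts": "2017-03-01T03:40", "kind": "atm_withdrawal", "card": "C-1001",
     "amount": 9000, "balance_after": -8990},
    {"ts": "2017-03-01T03:55", "kind": "atm_withdrawal", "card": "C-1001",
     "amount": 12000, "balance_after": -20990},
    # Benign card: modest limit increase, withdrawal stays inside the old limit.
    {"ts": "2017-03-01T10:00", "kind": "card_change", "card": "C-2002",
     "field": "overdraft_limit", "old": 500, "new": 750},
    {"ts": "2017-03-01T12:00", "kind": "atm_withdrawal", "card": "C-2002",
     "amount": 200, "balance_after": -150},
]

def is_risky_change(ev, ratio=5):
    """Overdraft limit raised by at least `ratio` times, or anti-fraud controls turned off."""
    if ev["field"] == "overdraft_limit":
        return ev["new"] >= ratio * max(ev["old"], 1)
    return ev["field"] == "fraud_controls" and ev["new"] == "off"

def detect(events, window=timedelta(hours=72)):
    """Flag cards whose withdrawals, within `window` of a risky change, exceed the old limit."""
    risky, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, card = datetime.fromisoformat(ev["ts"]), ev["card"]
        if ev["kind"] == "card_change" and is_risky_change(ev):
            r = risky.setdefault(card, {"since": ts, "fields": set(), "old_limit": None})
            r["fields"].add(ev["field"])
            if ev["field"] == "overdraft_limit" and r["old_limit"] is None:
                r["old_limit"] = ev["old"]  # limit in force before the first risky change
        elif ev["kind"] == "atm_withdrawal" and card in risky:
            r = risky[card]
            beyond_old = r["old_limit"] is not None and ev["balance_after"] < -r["old_limit"]
            if ts - r["since"] <= window and beyond_old:
                a = alerts.setdefault(card, {"fields": sorted(r["fields"]), "count": 0, "total": 0})
                a["count"] += 1
                a["total"] += ev["amount"]
    return alerts

if __name__ == "__main__":
    for card, a in detect(EVENTS).items():
        print(card, a["fields"], a["count"], a["total"])
```

Because the article notes that many banks learned of the theft only from their third-party processors, a check like this is best run where both the card-management audit trail and the withdrawal feed are visible.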

According to the researchers, the hackers have managed to steal between $3 million and $10 million in every heist, with the average amount around $5 million.

To breach the networks of target banks, the hackers send bank employees phishing emails with malicious attachments which, if downloaded, open backdoors for the hacker to enter the bank's network. Once a hacker gets inside a network, he proceeds to attack the third-party processor’s network, which is usually connected to the bank's network, making the job easier.

Having compromised the third-party processor’s network, the hacker captures credentials and then compromises the Enterprise Admin account which gives him complete unhindered access into the infrastructure.

'We believe that the attack described in this report represents a clear and imminent threat to financial institutions in European, North American, Asian and Australian regions within the next year. Currently the attacks are localized to the Eastern European and Russian regions. However, in cybercrime, this area is often the canary in the mineshaft for upcoming threats to other parts of the world,' said researchers at Trustwave.

'Our investigations have revealed victim losses currently around approximately USD$40 million. However, when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD. All global financial institutions should consider this threat seriously and take steps to mitigate it,' they added.

Jay Jay

Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines.