A string of related thefts targeting banks in Eastern Europe and former Soviet countries involved the coordination of physical and online teams.
A newly uncovered wave of online attacks targeting banks has led to an estimated $100 million (£76m) in losses, according to researchers.
Organised criminals are likely to be behind the incidents, computer security firm Trustwave said in a study published on Tuesday.
Coordinated cash withdrawals
The series of related heists involved the use of ‘mules’ who opened accounts at banks in Eastern Europe and former Soviet countries using forged documents.
Meanwhile, hackers obtained access to the networks of the banks and the third-party processors who handled the banks’ debit card transactions.
Trustwave said the campaign showed “patience and sophistication”, with the hackers using malicious attachments in targeted phishing emails to place keystroke-logging code on computers used by individuals who held the authority the hackers needed.
They logged those users’ keystrokes until they obtained the login credentials to the restricted systems used to manipulate risk scores and overdraft limits.
The hackers used those credentials to lower risk ratings and increase overdraft limits from $0 to between $25,000 and $35,000, Trustwave said.
Then a number of ‘mules’ would simultaneously make cash withdrawals from a number of the fraudulent accounts, all of them using machines in countries other than the one where the bank was located and where the account had been opened.
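For defenders, the pattern described above (an overdraft limit raised from $0, followed by near-simultaneous withdrawals abroad) can be written as a correlation rule over limit-change audit records and the ATM feed. The Python below is an added example, not taken from Trustwave's study; the record layouts, account IDs, country codes, dates and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta

HOME = "AA"                      # constructed placeholder for the issuing bank's country
WINDOW = timedelta(hours=48)     # assumed: how long after a limit change to watch
BURST = timedelta(hours=1)       # assumed: span that counts as "simultaneous"

def ts(s):
    return datetime.fromisoformat(s)

# Constructed audit log: (time, operator, account, old_limit, new_limit)
LIMIT_CHANGES = [
    (ts("2017-09-01 02:10"), "op7", "A1", 0, 25_000),
    (ts("2017-09-01 02:11"), "op7", "A2", 0, 30_000),
    (ts("2017-09-01 02:13"), "op7", "A3", 0, 35_000),
    (ts("2017-09-01 09:30"), "op2", "A4", 1_000, 2_000),   # routine adjustment
]
# Constructed ATM feed: (time, account, atm_country, amount)
WITHDRAWALS = [
    (ts("2017-08-30 12:00"), "A1", "AA", 50),       # before the change, domestic
    (ts("2017-09-01 20:00"), "A1", "BB", 5_000),
    (ts("2017-09-01 20:04"), "A2", "CC", 5_000),
    (ts("2017-09-01 20:09"), "A3", "BB", 5_000),
    (ts("2017-09-01 21:00"), "A4", "AA", 200),
]

def raised_from_zero(changes, min_new=20_000):
    """Accounts whose overdraft limit jumped from 0 to at least min_new."""
    return {acct: when for when, _op, acct, old, new in changes
            if old == 0 and new >= min_new}

def foreign_cashouts(changes, withdrawals, home=HOME, window=WINDOW):
    """Foreign ATM withdrawals that follow a from-zero limit raise within window."""
    raised, hits = raised_from_zero(changes), {}
    for when, acct, country, amount in withdrawals:
        changed = raised.get(acct)
        if changed is None or country == home:
            continue
        if timedelta(0) <= when - changed <= window:
            hits.setdefault(acct, []).append((when, country, amount))
    return hits

def coordinated(hits, min_accounts=3, burst=BURST):
    """True if min_accounts flagged accounts first cash out within one burst."""
    firsts = sorted(min(w[0] for w in ws) for ws in hits.values())
    return any(firsts[i + min_accounts - 1] - firsts[i] <= burst
               for i in range(len(firsts) - min_accounts + 1))

if __name__ == "__main__":
    hits = foreign_cashouts(LIMIT_CHANGES, WITHDRAWALS)
    print(sorted(hits), coordinated(hits))
```

Alerting on the limit change itself, before any withdrawal, gives the earliest signal; the withdrawal correlation is the backstop when the change was made with valid credentials.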
‘Patience and sophistication’
Once the cash was obtained, the hackers rendered the systems they had used unbootable so as to thwart investigators, according to Trustwave.
“This incredibly well-orchestrated operation demonstrates the patience and sophistication of organised cybercrime groups,” the group stated. “They coordinated efforts between physical teams, who opened bank accounts to be used in the heists, and online criminals, who hijacked and manipulated bank and processor networks.”
On average, $5m was stolen in each incident, with individual scams netting from £3m to £10m.
In some cases the banks weren’t aware of the heist until well after it had taken place. In a few cases the issue remained unnoticed until it was brought to the bank’s attention by a third-party card processing company.
In each case, the funds were stolen using legitimate cards issued by the bank.
Trustwave uncovered the scams when it was asked to investigate bank breaches that occurred in former Soviet countries from mid to late 2017.
The firm said the attacks showed a new level of sophistication and were likely to spread outside the region where they originated.
The security weaknesses the thieves exploited, including the lack of network segmentation that allowed hackers to move from banks’ networks to those of third-party card processing companies, are widespread internationally in banking, Trustwave said.
Vulnerability to phishing emails is also a problem across the international financial sector, according to the firm.