Security researchers uncover global cyber fraud gang

Security researchers have uncovered a highly sophisticated global financial fraud ring that has attempted fraudulent transfers of up to £1.6bn

Security researchers have uncovered a highly sophisticated, multi-tiered, global financial fraud ring that has attempted fraudulent transfers of up to £1.6bn from at least 60 banks

This fraud empire, discovered by researchers from security firm McAfee and Guardian Analytics, is believed to have reached banking systems worldwide.

The criminal operation, dubbed Operation High Roller, is made up of at least a dozen groups that use active and passive automated transfer systems to steal high value transactions from high balance accounts. 

Operation High Roller has hit every class of financial institution: credit unions, large global banks and regional banks, using smaller and less detectable automated transactions.

High net-worth individuals have also been targeted by the fraud ring.

A report by McAfee and Guardian Analytics describes a new breed of sophisticated fraud attacks that use advanced methods, with fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign.

"With no human participation required, each attack moves quickly and scales neatly. This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term 'organised crime'," the report said.

Building on established Zeus and SpyEye tactics, this Operation High Roller adds many breakthroughs such as bypasses for physical “chip and pin” authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as £80,000.

According to researchers, the attacks started in Europe, but moved to Latin America and the US.

"Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia," David Marcus, director, security research at McAfee said in a blog post.

He notes a shift from traditional Man-in-the-Browser attacks on the victim’s PC to server side automated attacks.

"Criminals have moved from multi-purpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions," Marcus wrote.

This new fraud methodology means that criminals can move faster and a wide variety and level of transactions can be attempted.

Purpose-built, multiple strategy approach also helps avoid detection, and by avoiding detection, the servers can stay live longer, said Marcus.

The researchers are we are working with international law enforcement organisations to shut down the attacks.

News of the financial attacks comes just a day after MI5 chief, Jonathan Evans warned  that internet "vulnerabilities" were being exploited on an industrial scale by organised cyber criminals as well as states carrying out cyber espionage.

"This is a threat to the integrity, confidentiality and availability of government information but also to business and to academic institutions," he said.

Read more on Hackers and cybercrime prevention