McAfee peels back the layers of Operation High Roller

McAfee and Guardian Analytics have a new a report on the fraud ring known as Operation High Roller. Here are some points of interest.

In an email this morning, McAfee descried a highly sophisticated, multi-tiered, global financial fraud ring.  "So far, we estimate the criminals have attempted somewhere between €60 million and €2 billion in fraudulent transfers from at least 60 banks," a spokesman said.

Operation High Roller, has reached banking systems worldwide, and is comprised of at least a dozen groups that use active and passive automated transfer systems to steal high value transactions from high balance accounts.  The Operation High Roller attacks have impacted thousands of every class of financial institution: credit union, large global bank and regional bank, using smaller and less detectable automated transactions, according to the report.

McAfee Security Research Director Dave Marcus explained some of the findings in his blog, writing:

The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign.

Building on established Zeus and SpyEye tactics, this ring adds many breakthroughs: bypasses for physical “chip and pin” authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia.

He outlined the main takeaways:

Key points about the attacks

- Shift from traditional Man-in-the-Browser attacks on the victim’s PC to server side automated attacks. Criminals have moved from multi-purpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions

- Global – started in Europe, moved to Latin America and recently to the US

- Impacting commercial accounts and high net-worth individuals

- Impacting financial institutions of all sizes

Impact of the new fraud methodology

- Criminals can move faster

- A wide variety and level of dollar transactions can be attempted

- Purpose built, multiple strategy approach helps avoid detection

- By avoiding detection, the servers can stay live longer

Welcome to another day in the never-ending battle against evil.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Healthcare records for sale on Dark Web