Cyber heist hits banks in Russia and eastern Europe

Criminals hired mules to open rogue bank accounts and manipulated risk ratings and overdraft limits, paving the way for millions of dollars to be stolen

A series of sophisticated cyber attacks involving physical and cyber elements has led to thefts of about $40m from banks across Russia and eastern Europe, a new Trustwave study has found.

The attacks are believed to have been carried out by cyber criminals who recruited “mules” to open rogue bank accounts at physical bank branches using fake documents and identities.

After the accounts were approved, the mules requested debit cards, which were then used to withdraw cash from ATMs located outside the victim banks’ home countries.

The withdrawals were made possible because cyber criminals had already compromised the victim banks’ networks – and the card processor network the banks were connected to via a virtual private network (VPN) – using phishing emails.

On the card processor’s network, the perpetrators used malicious payloads to capture the credentials needed to manipulate risk ratings and increase the overdraft limits of the rogue bank accounts from $0 to between $25,000 and $35,000.

The criminals also covered their tracks by making the system they had been using to perform their activities unbootable shortly after the cash-out.

Some victim banks had not even realised that a breach had occurred and that a significant amount of money had been stolen until well after the attack was completed.

In a few cases, the malicious activity was reported to the banks by third-party processors of debit and credit card transactions, Trustwave’s report said.

“It should also be noted that the attackers’ trade craft suggests the involvement of organised cyber crime groups,” it said, noting that the attackers had also used specialised malware to thwart cyber forensics investigations.

Thanassis Diogos, managing consultant of Trustwave’s SpiderLabs security team, told Computer Weekly that this type of attack had never been seen before.

Although the attacks were localised to Russia and eastern European countries, Diogos said they could be the “canary in the mine shaft” for future threats in other parts of the world. “All global financial institutions should take this threat seriously and take steps to mitigate it,” he said.
