McAfee peels back the layers of Operation High Roller
McAfee and Guardian Analytics have a new report on the fraud ring known as Operation High Roller. Here are some points of interest.
In an email this morning, McAfee described a highly sophisticated, multi-tiered, global financial fraud ring. "So far, we estimate the criminals have attempted somewhere between €60 million and €2 billion in fraudulent transfers from at least 60 banks," a spokesman said.
Operation High Roller has reached banking systems worldwide and comprises at least a dozen groups that use active and passive automated transfer systems to steal high-value transactions from high-balance accounts. According to the report, the Operation High Roller attacks have impacted thousands of every class of financial institution (credit union, large global bank and regional bank), using smaller and less detectable automated transactions.
McAfee Security Research Director Dave Marcus explained some of the findings in his blog, writing:
The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign.
Building on established Zeus and SpyEye tactics, this ring adds many breakthroughs: bypasses for physical “chip and pin” authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia.
He outlined the main takeaways:
Key points about the attacks
- Shift from traditional Man-in-the-Browser attacks on the victim’s PC to server side automated attacks. Criminals have moved from multi-purpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions
- Global – started in Europe, moved to Latin America and recently to the US
- Impacting commercial accounts and high net-worth individuals
- Impacting financial institutions of all sizes
Impact of the new fraud methodology
- Criminals can move faster
- A wide variety and level of dollar transactions can be attempted
- Purpose built, multiple strategy approach helps avoid detection
- By avoiding detection, the servers can stay live longer
Welcome to another day in the never-ending battle against evil.