
Hackers 'a step ahead'

June 26, 2012

Computer security analysts say online banking hackers have bypassed "chip and PIN" authentication to steal millions on three continents. They say hacks are becoming harder to detect.


Researchers from two US-based security firms say a new style of automated hacking may be responsible for the loss of $78 million (62 million euros) across three continents in the past year.

The computer security firm McAfee and Guardian Analytics, which specializes in protecting banks, have analyzed computers seized from hacker gangs.

Using existing malicious software such as Zeus and SpyEye, the gangs logged on to the computers of banking clients in Europe, Latin America and the United States.

But the new variations of the software are said to automate the transfer of funds to accounts held by accomplices.

Craig Priess, vice president of Guardian Analytics, says this is "the beginning of a new technique."

Way out front

The researchers found that the hackers were now able to circumvent two-factor authentication systems - like chip and PIN verification - and that they had also launched attacks directed at a bank's servers.

"They are taking online hacking to the next level," Toralv Dirro, a security strategist with McAfee Labs, told DW. "With the server-side attacks they can get cloud-based data, which means they are getting the latest information on an account."

Hackers used to spread so-called Trojans that would install themselves on a computer to track a user's online banking behavior - at a local level. The Trojan would record passwords and other login information as it was being used on that computer. But such details can become out-of-date.

The researchers say Trojans are now programmed to download the latest information from the cloud.

"I'm afraid the hackers are one step ahead of us," says Dirro. "We need faster ways to blacklist affected servers, and banks need to install or update fraud detection systems. Some small banks don't have fraud detection systems because they think they're too small - but hackers don't care how big you are."

When they're not after money, hackers have simply published account details - as in Iran (Image: Mehr)

Bad for the banks

Trojans have been imitating human behavior for some time and this has made it harder to detect them. But hackers have also changed their offline tactics.

They now increasingly target accounts which they know hold large sums of money, or specific parts of a bank where they know they will find business accounts.

But McAfee Labs' Toralv Dirro says the hackers seem to have stopped the immediate transfer of large sums of money to completely new locations, preferring instead to deposit the money in temporary, but authentic-looking accounts.

It will be unwelcome news as many banks continue to struggle in the economic crisis with their day-to-day business.

"The banks certainly don't need this - big accounts could lose a lot of money," says Dirro, "and the authentication schemes we thought were secure - hackers have found ways to get around them."

The research conducted by McAfee and Guardian Analytics builds on an earlier study by the Japan-based Trend Micro.

Trend Micro, which specializes in cloud-based security, says it has spotted automated hacker systems in Germany, Britain and Italy. McAfee and Guardian Analytics add Colombia, the Netherlands and the United States to the list. The automated transfer modules appear to be developed and sold in Russia, Ukraine and Romania.

Author: Zulfikar Abbany
Editor: Michael Lawton