Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Russian criminals' bank attacks go global

Maria Korolov | Oct. 27, 2016
Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next

"We are participating in a joint investigation with Europol, and we are not allowed to disclose information to the public," he said.

Earlier this month, Symantec released a report linking the Carbanac group, suspected to be based in Russia, with high-level attacks against banks in the U.S., Hong Kong, Australia, the U.K. and other regions. Total losses are estimated to range from tens to hundreds of millions of dollars.

"It's become really global," Volkov said.

Russian authorities are cooperating with international investigators to bring down these groups, he said, but the process is slow.

"It's very hard to investigate these cases," he said. In addition, members of any particular group could be located in several countries, and enforcement activities have to be coordinated to take them all down at once.

"Otherwise, the other guys will delete all the evidence, move to other locations, and take other measures to avoid arrest," he said.

Meanwhile, even while enforcement is improving, there's still a problem when it comes to information sharing, he said.

"There is no effective channel to exchange communications," he said. "There are official procedures for the exchange of data, and it is very slow."

The next wave of mobile attacks

Meanwhile, another wave of attacks is building up in Russia.

Thefts from individual bank accounts using mobile-based Trojans are up 471 percent in Russia, to $6 million, according to Group-IB.

The mobile Trojans first appeared in 2013 and used the SMS banking channel and mobile banking, and banks quickly responded by imposing limits on mobile transactions.

"So in 2014 and 2015 we saw a decrease in the amounts that hackers were able to steal from customers," Volkov said.

The criminals innovated, with new types of attacks, and new distribution mechanisms.

"Russia became a real testing environment for mobile banking Trojans," he said. "Next year, or in the next couple of years, all this knowledge will be exported outside of Russia."

For example, the malware uses fake dialogs asking for bank card details, transaction confirmations and one-time passwords to immediately transfer money to the criminals.

In addition, login credentials are collected and reused for online banking, where the transaction limits are higher than with mobile banking.

The criminals even began developing complete banking applications, designed to mimic the ones from the real banks.

"There are programs that generate new fake mobile banking applications in minutes," he said. "The criminals just specify the colors, icons, and fields."

Ads in Google, Yahoo and Russia's Yandex search engines get the links to the fake banking apps to appear above the legitimate listings.

There are also phishing messages, sent via SMS or email, telling the user to install a required update for a critical application or for the operating system, or warning of eBay and AliBaba activity.


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.