November 14, 2012
Automated transfer system (ATS) attacks are a global issue. The latest Operation High Roller attack targeting a U.S. financial institution had roots in earlier automated attacks in the European and Asia-Pacific regions.
With Operation High Roller attacks, hackers usually develop a single set of “webinjects” (packaged commercial functions created by cybercriminal developers) to be used in multiple campaigns. McAfee Labs researchers track these webinjects according to their unique attributes to determine if a variant is using a webinject from the same developer. Researchers can then search variations of the code to determine if there are similarities to other campaigns.
By analyzing similarities between Operation High Roller attacks, McAfee Labs researchers have determined that the latest attack can be linked to earlier automated attacks in the European and Asia-Pacific regions.
McAfee Labs analyzed five previous financial fraud campaigns targeting European banks that used the same URL for the ACD link. Those attacks are related to the recent U.S. attack because they reused the same location to retrieve the ACD script, although with a different transaction-server URL. The same group also conducted similar automated attacks in Germany and Australia, and other campaigns in different regions of the world.
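The linkage described above can be reproduced mechanically once the script location and transaction-server URL have been extracted from each analyzed sample. The Python below is an added example, not McAfee Labs' tooling: the record fields, campaign labels and `.test` URLs are constructed for illustration, and the URL normalization rules are an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not real indicators). Field names are hypothetical.
SAMPLES = [
    {"campaign": "EU-1", "acd_url": "http://acd.example.test/js/acd.js",
     "txn_server": "https://t1.example.test/gate"},
    {"campaign": "EU-2", "acd_url": "HTTP://ACD.example.test:80/js/acd.js",
     "txn_server": "https://t2.example.test/gate"},
    {"campaign": "US-1", "acd_url": "http://acd.example.test/js/acd.js/",
     "txn_server": "https://t3.example.test/gate"},
    {"campaign": "APAC-1", "acd_url": "http://other.example.test/a.js",
     "txn_server": "https://t4.example.test/gate"},
]

def normalize(url):
    """Canonicalize a URL so trivially different spellings compare equal."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default_port = {"http": 80, "https": 443}.get(scheme)
    port = "" if parts.port in (None, default_port) else f":{parts.port}"
    path = parts.path.rstrip("/") or "/"
    return f"{scheme}://{host}{port}{path}"

def link_campaigns(samples):
    """Group samples by script location; keep locations shared by 2+ campaigns."""
    groups = defaultdict(list)
    for sample in samples:
        groups[normalize(sample["acd_url"])].append(sample)
    linked = {}
    for location, members in groups.items():
        campaigns = sorted({m["campaign"] for m in members})
        if len(campaigns) > 1:
            linked[location] = {
                "campaigns": campaigns,
                # Differing transaction servers do not break the link.
                "txn_servers": sorted({normalize(m["txn_server"]) for m in members}),
            }
    return linked

if __name__ == "__main__":
    for location, info in link_campaigns(SAMPLES).items():
        print(location, info["campaigns"], info["txn_servers"])
```

Normalizing before grouping matters because the same script location often appears with different casing, an explicit default port, or a trailing slash across samples.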
Cybercriminals will continue to use the techniques employed in Operation High Roller. Financial institutions and consumers need to remain vigilant against these attacks.