Earlier today Guardian Analytics and McAfee released the joint report “Dissecting Operation High Roller,” which describes a new breed of sophisticated fraud attacks. The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multifaceted automation in a global fraud campaign.
Building on established Zeus and SpyEye malware tactics, this ring adds many breakthroughs: bypasses for physical “chip and pin” authentication, automated “mule” account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000). Although Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including to the United States and Colombia.
What are the key points in the attacks?
- A shift from traditional man-in-the-browser attacks on the victim’s PC to server-side automated attacks. Criminals have moved from multipurpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions.
- Global: Started in Europe, moved to Latin America, and recently to the United States
- Impacts commercial accounts and high-net-worth individuals
- Impacts financial institutions of all sizes
What is the impact of this new fraud methodology?
- Criminals can move faster
- A wide variety and level of dollar transactions can be attempted
- Purpose-built, multiple-strategy approach helps avoid detection
- By avoiding detection, the servers can stay live longer