Simply Security - News, Views, and Opinions from Trend Micro

Automated attacks prove weak points in banking security

Posted on August 28th, 2012 in Current News, Internet Safety by Simply Security

Hackers are demonstrating increasing competence and strategic sophistication in their attack patterns. A recent string of high-value transfers from European accounts was carried out using advanced technology and exploiting loopholes in server security for banks in that part of the world, showing that not only are malicious attempts becoming more direct, they're also getting harder to block.

According to CSO Online, the basis of these attacks is the same platforming technology that hackers have been using for years, but deployment has changed to suit new targets. Since these attempts were directly through the banks' clients and didn't bother trying to get customers to leak their own information through email phishing or spyware, the theft shows a new level of guerrilla hacking that could potentially inflict greater amounts of damage than seen before.

High-value targets

The Wall Street Journal wrote that these attacks are mostly zeroing in on wealthy European and Latin American targets and processing transfers from their bank accounts without permission from the individuals or financial institutions involved. These attempts aimed to steal over $100,000 in some instances, earning the incident the name "Operation High Roller."

"What we're seeing across the board is a greater sophistication on the part of threat actors," said banking security specialist Greg Schaffer of FIS. "There just seems to be a progression where there's more automation … and more targeted attacks that are coming in a way that is really focused on the weakest link, which is the people who interact with the machines."

The targets also included SMBs and larger businesses, skimming from accounts that could hold hundreds of thousands of dollars more than what hackers attempted to take through server security loopholes. Last year, Don Jackson of SecureWorks told Bloomberg that some groups could be bringing in over $1 billion in ill-gotten gains thanks to data security exploits, especially when corporate accounts get involved.

Mechanized mayhem

As Schaffer pointed out to the Journal, these attacks no longer require the individual machinations of a single hacker. Since implementing cloud deployment, Operation High Roller has taken on a life of its own, carrying out commands without a third-party hand in its operations. This system allows the malware to infiltrate even more accounts, as it will continue to execute its protocol indefinitely as long as it isn't shut down by a third party.

"All of the logic and all of the sophistication really does reside on that [cloud] server," said computer security expert Dave Marcus in an interview with CIO. He pointed out that this level of automation wouldn't be possible without cloud deployment, keeping a unified front while a sprawling and diverse set of functions is carried out to facilitate the greatest amount of profit in the shortest amount of time.

Wired reported that injection attacks were the main tool used in Operation High Roller, and that because the programs were carried out using Zeus and other old-school protocols, users didn't recognize the difference between legitimate and bogus information request pages online.

"With no human participation required, each attack moves quickly and scales neatly," a report published by Wired states. The publication went a step further in dubbing this organized crime, similar to real-world gangs and crime families. "This operation combines an insider level of understanding of banking transaction systems with both custom and off-the-shelf malicious code."
