Banks beware! Hackers are using this new attack technique to swindle millions off banks


Researchers have observed a new attack technique with which hackers from post-Soviet countries have so far managed to steal up to $100 million from various banks.

Hackers are increasingly leveraging the overdraft facility offered by banks to open accounts and steal millions from unsuspecting banks.

Security researchers at Trustwave have discovered a new and sophisticated attack technique with which hackers are stealing money from banks without being observed. The technique is so ingenious that most affected banks didn't realise they had been swindled until they were alerted by third-party processors.


To make the attack appear genuine at first, the researchers observed that hackers were using people as mules to approach banks and get new accounts opened by submitting counterfeit documents.

After the new accounts were opened, the account holders requested debit cards for them and asked for the overdraft facility to be activated. Once they received their debit cards, they distributed them to international conspirators located in several post-Soviet countries.

The hacker steps in

Once all the conspirators have received their cards, a hacker who has already breached the target bank's network manipulates the debit cards' settings to enable a high overdraft limit and deactivates any anti-fraud controls on the cards. Once this is done, the international conspirators visit the banks' ATMs and use the overdraft facility to withdraw large sums of money.
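The sequence above (overdraft limit raised, anti-fraud controls disabled, then ATM cash-outs) is exactly what a bank's monitoring should correlate. The following detection sketch is an added example, not Trustwave's or any bank's code: it runs over a constructed audit trail and flags cards whose overdraft limit jumped by a large factor and that then saw heavy ATM withdrawals or had anti-fraud controls disabled around the same time. Event names, field names and thresholds are assumptions.

```python
"""Correlate card-configuration changes with ATM withdrawals to spot the
overdraft cash-out pattern. Sample events are constructed; the event types and
field names are hypothetical and would map to a real card-management log."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit trail: (timestamp, event type, card id, details).
SAMPLE_EVENTS = [
    ("2020-01-10T09:00:00", "OVERDRAFT_LIMIT_SET", "card-001", {"old": 500, "new": 500_000}),
    ("2020-01-10T09:01:00", "ANTIFRAUD_DISABLED", "card-001", {}),
    ("2020-01-10T11:30:00", "ATM_WITHDRAWAL", "card-001", {"amount": 20_000}),
    ("2020-01-10T11:35:00", "ATM_WITHDRAWAL", "card-001", {"amount": 20_000}),
    # A routine, modest limit increase followed by normal use: should not fire.
    ("2020-01-10T09:05:00", "OVERDRAFT_LIMIT_SET", "card-002", {"old": 500, "new": 1_000}),
    ("2020-01-10T12:00:00", "ATM_WITHDRAWAL", "card-002", {"amount": 200}),
]


def find_suspicious_cards(events, limit_factor=10, window=timedelta(hours=24),
                          min_withdrawn=5_000):
    """Return {card_id: [reasons]} for cards matching the cash-out pattern.

    A card is flagged when its overdraft limit is raised by at least
    `limit_factor` and, within `window` of that change, either ATM withdrawals
    total at least `min_withdrawn` or anti-fraud controls were disabled.
    """
    by_card = defaultdict(list)
    for ts, etype, card, detail in events:
        by_card[card].append((datetime.fromisoformat(ts), etype, detail))

    flagged = {}
    for card, evs in by_card.items():
        evs.sort(key=lambda e: e[0])
        big_raises = [t for t, e, d in evs
                      if e == "OVERDRAFT_LIMIT_SET" and d["new"] >= limit_factor * max(d["old"], 1)]
        disabled = [t for t, e, _ in evs if e == "ANTIFRAUD_DISABLED"]
        reasons = []
        for t in big_raises:
            total = sum(d["amount"] for wt, e, d in evs
                        if e == "ATM_WITHDRAWAL" and t <= wt <= t + window)
            if total >= min_withdrawn:
                reasons.append(f"limit raised >= {limit_factor}x, then {total} withdrawn at ATMs")
            if any(t - window <= dt <= t + window for dt in disabled):
                reasons.append("anti-fraud controls disabled around the limit change")
        if reasons:
            flagged[card] = reasons
    return flagged
```

In practice the same correlation would also include who made the configuration change and from which system, since the page notes the changes come from an administrator-level compromise rather than the normal card-servicing workflow.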

According to the researchers, the hackers have managed to steal between $3 million and $10 million in every heist, with the average amount around $5 million.

To breach the networks of target banks, the hackers send phishing emails to bank employees with malicious attachments which, if downloaded, open a backdoor into the bank's network. Once inside, the hacker moves on to attack the third-party processor's network, which is usually connected to the bank's network and therefore easier to reach.

Having compromised the third-party processor's network, the hacker captures credentials and then compromises the Enterprise Admin account, which gives complete, unhindered access to the infrastructure.

'We believe that the attack described in this report represents a clear and imminent threat to financial institutions in European, North American, Asian and Australian regions within the next year. Currently the attacks are localized to the Eastern European and Russian regions. However, in cybercrime, this area is often the canary in the mineshaft for upcoming threats to other parts of the world,' said researchers at Trustwave.

'Our investigations have revealed victim losses currently at approximately USD $40 million. However, when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD. All global financial institutions should consider this threat seriously and take steps to mitigate it,' they added.

Copyright Lyonsdown Limited 2020
