State of the art attack fleeces banks of millions
By Davey Winder in Editorial
Posted in Security on
I know, I know, the whole "bank gets targeted by the online bad guys" routine is starting to wear a little thin, at least when it comes to the exciting news stakes, but bear with me. Most of the time you will just read about phishing scams that might succeed in relieving the gullible of a few quid from their personal bank accounts; the more sophisticated attacks, which target high-roller corporates, rarely make the headlines. Not least because both the banks and those corporates would much rather you did not read about how they lost money, and so run the risk of you losing trust in them.
Assuming anyone trusts banks any more, given the whole credit crunch and Northern Rock fiascos.
However, when it comes to the Prg Trojan the excitement levels rise a tad, as this is apparently managing to remove millions of corporate dollars from bank accounts around the globe with spectacular ease. Prg itself is nothing new; it was first identified six months ago, but since then it has morphed and evolved into something that goes beyond what we have come to expect of man-in-the-middle attacks to date. This particular variant is clever enough to perfectly mimic pre- and post-authentication procedures, following every step that the real user would take, and following them directly to the money itself.
It all starts in the same way as most attacks, with victims being infected via email and website links which install a generic Trojan that steals data by copying everything entered into a browser window to a compromised server. This data is then analysed and filtered, and any signs of commercial banking transactions of any decent size are noted. That identifies the best victims to target with spear phishing, used to get the Prg Trojan installed by masquerading as a new security token, for example. From then on, everything the victim does with their bank online is carefully scrutinised, with the Trojan learning to simulate online transactions, transfers and payments. The Trojan alerts the criminals when it has enough data to do all this successfully, and again whenever the victim starts a transaction. The criminal can then perform the man-in-the-middle attack by piggybacking the session and compromising the entire account. More often than not the attackers will not even know the victim's username, let alone password. Neither is needed, because the software handles all of that.
The really clever part is that it leaves very little in the way of an audit trail or signature to follow. It simply simulates all the keystrokes, in the right order, and visits all the bank pages, in the right order, exactly as if it were the customer themselves.
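The article's point is that the fraudulent session looks, page for page and keystroke for keystroke, like the customer's own. One thing a bank's fraud team can still look at is timing and sequence: a human clicking through a transfer shows irregular gaps between steps, while a replaying Trojan tends to move through the same pages at short, uniform intervals. The following is an added illustration written for this page, not code from the article or from any bank or vendor it mentions. The log format, page names, thresholds and sample sessions are all constructed assumptions.

```python
"""
Heuristic detector for scripted online-banking sessions.

Constructed example, not from the article. Each session is a list of
(timestamp_seconds, page) events in the order the bank's web tier saw them.
Two signals are combined: the session walks the high-risk path
login -> accounts -> new_payee -> transfer -> confirm, and its inter-step
timing is both fast and suspiciously regular.
"""
from statistics import mean, pstdev

# Assumed page identifiers; a real bank's access logs would use their own.
RISKY_SEQUENCE = ["login", "accounts", "new_payee", "transfer", "confirm"]


def step_gaps(events):
    """Seconds between consecutive page events in one session."""
    return [b[0] - a[0] for a, b in zip(events, events[1:])]


def is_scripted(events, max_mean_gap=2.0, max_cv=0.15):
    """
    Flag a session as machine-driven if its steps are both fast and
    uniformly spaced. cv is the coefficient of variation (stdev / mean)
    of the inter-step gaps. Both thresholds are illustrative assumptions,
    not figures reported in the article.
    """
    gaps = step_gaps(events)
    if len(gaps) < 3:
        return False  # too little data to judge
    m = mean(gaps)
    if m == 0:
        return True   # every step at the same instant: not a human
    cv = pstdev(gaps) / m
    return m <= max_mean_gap and cv <= max_cv


def follows_risky_sequence(events):
    """True if the session visits the payee-creation-then-transfer pages in order."""
    pages = iter(p for _, p in events)
    # Each `want in pages` consumes the iterator up to the match, so this
    # checks RISKY_SEQUENCE is an ordered subsequence of the visited pages.
    return all(want in pages for want in RISKY_SEQUENCE)


def score_session(session_id, events):
    """Combine both signals; only a session showing both is flagged for review."""
    reasons = []
    if follows_risky_sequence(events):
        reasons.append("new payee followed by transfer")
    if is_scripted(events):
        reasons.append("fast, uniform step timing")
    return {"session": session_id, "flag": len(reasons) == 2, "reasons": reasons}


# Constructed sample sessions (timestamps in seconds since login).
HUMAN = [(0.0, "login"), (8.4, "accounts"), (31.0, "new_payee"),
         (72.5, "transfer"), (95.2, "confirm")]
SCRIPTED = [(0.0, "login"), (1.1, "accounts"), (2.2, "new_payee"),
            (3.3, "transfer"), (4.4, "confirm")]
# Uniform timing but no payee/transfer path: timing alone must not flag it.
BROWSING = [(0.0, "login"), (1.0, "accounts"), (2.0, "statements"),
            (3.0, "accounts"), (4.0, "logout")]

if __name__ == "__main__":
    for sid, ev in (("human", HUMAN), ("scripted", SCRIPTED), ("browsing", BROWSING)):
        print(score_session(sid, ev))
```

The two signals are deliberately combined rather than used alone: plenty of legitimate sessions are quick and regular (someone checking a balance), and plenty of slow, human-paced sessions add payees. The heuristic only raises a case when a high-value path is walked at machine pace, which is the behaviour the article describes.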
Reports suggest that as many as 20 banks across the US and Europe have already fallen victim to the new Trojan variant, with attacks originating in data centres in Moscow and Mumbai. Security researchers even reckon they know who is behind the sophisticated crimewave, a Russian group known as UpLevel and their associates in Germany. As many as 10,000 corporate victims are thought to have had their accounts compromised.
Actually, it is wrong to think of the companies as being the victims here: it is the banks, and ultimately all of us, that will pay. The banks give the money back to the large corporates, whose business they do not want to lose, and end up recouping that loss through higher account fees and the like.