Operation High Roller Uncovers New Server-Side
This report, "Dissecting Operation High Roller," was jointly released by Guardian Analytics and McAfee. It describes a sophisticated international fraud scheme that uses cloud-based, automated attacks to target high-balance accounts, hence the "high roller" title.
This is a serious new threat that is actively targeting American financial institutions. To the best of our knowledge the scheme has already netted nearly $80M worldwide, and the true total could be much higher. The innovative, sophisticated nature of this scheme further escalates the importance of implementing layered security, including anomaly detection solutions that have been proven to detect these attacks.
The attacks started in Europe earlier this year and were spotted in the U.S. starting in March. They feature:
- Server-side automation. This new innovation delivers instructions from fraudsters' cloud-based servers ("server-side") instead of pre-loading them as part of the initial malware infection onto the victims' computers ("client-side").
- High level of automation that captures one-time passwords, checks account balance, initiates transactions, and checks a mule database to find an active mule account, all without fraudsters' active participation.
- A relatively small number of attacks on high-balance accounts, which we believe is an attempt to fly under the radar.
- Hiding the evidence. After the transaction, the malware will erase confirmation emails, prevent printing of statements, and change transaction values to match what the victim expects to see.
Dissecting Operation High Roller
Release Date: June 26, 2012
Published jointly by Guardian Analytics and McAfee.