
Attack is an extension of the man-in-the-browser attack methodology

Security researchers admit they're still struggling to defeat man-in-the-browser (MitB) attacks.  The best-known example of this attack is the Zeus (aka Kneber, etc.) botnet, which is comprised of machines infected by drive-by-download or phishing attacks.  

Researchers are currently only 23 percent effective at detecting and removing Zeus variants, although attacks on command and control servers have been somewhat effective.  The malware operates via a browser extension in Firefox or via a Browser Helper Object in Microsoft Corp.'s (MSFT) Internet Explorer.  The Trojan is used to carry out traditional malware activities, such as spamming and bank transaction interception/modification.

I. Hackers Steal From the Rich, Give to Themselves With Op. High Roller

Now even as researchers continue to struggle with Zeus and its successor SpyEye, there's an even more sinister malware storm brewing that Guardian Analytics and Intel Corp. (INTC) subsidiary McAfee have been tracking [PDF], dubbed "Operation High Roller".

The new attack is much more organized and is driven by cloud controllers, whereas with Zeus infected machines often operated in a rogue, lone manner.

Using cloud servers, machines infected with High Roller Trojans are hit with server-based fraudulent bank transactions totaling up to $130,000 USD (€100,000).  These very large transactions are ferried through "mule" accounts also operated by the control-servers.  The attacks use Zeus or SpyEye for reconnaissance and then use compromised local machines to target large accounts via "spear phishing" tactics.

Spear phishing email
An example "spear phishing" message from an infected machine. [Image Source: McAfee]

The new multi-approach malware is able to circumvent typical "chip and pin" physical security features, such as the smartcard reader ID systems commonly used in Europe.  It targets primarily "high rollers" -- accounts with more than €250,000, the kind commonly maintained by wealthy individuals and corporations.  This differs from Zeus and other past attacks that primarily targeted the masses with smaller transactions.

Euros
Op. High Roller is stealing millions from the wealthy [Image Source: The Hibernia Times]

II. Sophisticated Cloud-Commanded Malware Hits U.S.

The attacks initially targeted Europe, but have since spread to the U.S. and Colombia.  The hardest hit region in Europe, according to McAfee, is the Netherlands, which suffered over €141M ($175M USD).  However, attacks in the U.S. are also escalating with 8 to 10 malware variants currently attacking 109 businesses.

Texas is the state currently being hardest hit by the attacks.  Numerous account holders in New York, Georgia, and California were also targeted.  

High Roller attacks
Many states have been hit by Operation High Roller. [Image Source: McAfee]

Most of the attacks originated from command-and-control servers in Russia, though some C&C servers were also found in China and the U.S., among other places.

Source: McAfee





Copyright 2017 DailyTech LLC.