UK Financial Institution loses 675K in 30 days

M86 Security (www.m86security.com) have published a (13-page) white paper on a recent online banking attack which resulted in £675,000 being stolen from approx 3,000 customer accounts at an (unnamed) UK Financial Institution in the 30 day period from 5th July.

Multiple techniques were used to spread malicious code, including infecting legitimate websites with malware & creating fraudulent online advertisement websites

The cybercriminals used well-known Exploit Kits which can be purchased for a few hundred dollars which are notorious for efficiently exploiting victim’s browsers to install Trojans onto their PCs.

Once the Zeus v3 Trojan was successfully installed on victims’ PCs and after the victims logged into their online bank accounts, the Trojan transferred various pieces of data to the cybercriminals Control system. After analysing the data, the Trojan Control system determined whether the user had enough money in the account, and selected the most appropriate accomplice account to receive the money, wrapped all the data, and sent it back to the Trojan installed on the victim’s machine. This was then was used to initiate the money transfer from their accounts.  

Depending upon how blasé or relaxed you are about online banking, there is no excuse not to monitor your bank account, particularly if you’ve switched off getting paper statements, to ensure no rogue transaction have occurred. In this example, each customer lost an average of £200 – there are no details as to whether people were hit with a single one-off transaction, or whether there were smaller amounts of say £50 on a weekly basis. They might not necessarily have been sent to the same accomplice in each instance.