Hackers have stolen millions of dollars from banks in former Soviet states by breaking into their IT networks to increase overdraft limits on fraudulently opened accounts and then making ATM withdrawals.
TrustWave, which uncovered the scam, says that it has found around $40 million in fraudulent withdrawals but expects the total losses to be in the hundreds of millions of dollars.
The gang sent mules with fake identities to bank branches to set up accounts and request debit cards. Then, the hackers manipulated the overdraft limits associated with these cards, removing any restrictions in the core card processing system. Finally, the cards were sent to new mules abroad, who withdrew massive amounts of cash from ATMs despite the fact the accounts were virtually empty.
The crooks used an old-fashioned phishing campaign to install remote access malware on bank staffers' computers in order to increase the overdraft limits.
TrustWave says that because legitimate debit cards, rather than stolen ones, were used, and the attackers removed anti-fraud controls for the accounts, the cash-outs did not trigger any alarms in the bank systems.
The overdraft limit changes and ATM withdrawals were carried out almost simultaneously, the kind of coordination which TrustWave says is a "strong indicator of organised crime activities".
Says the firm: "Organisations need to expand their defensive security strategy to assume that they have "already been compromised" and actively search for threats to detect and minimise damage.
"This is known as Threat Hunting and helps businesses detect existing adversaries moving laterally within their infrastructures and mitigate these threats before they have a chance to realize their full potential."