This article is more than 1 year old

Overdraft-fiddling hackers cost banks in Eastern Europe $100m

Mules open forged accounts, crooks clear them out from foreign ATMs

Hybrid cyber attacks on banks in former Soviet states has already resulted in estimated losses of $100m.

Security researchers at Trustwave report today that cybercriminals are using mules to open accounts with counterfeit documents while hackers compromise the bank's systems to obtain unauthorised privileged access and break into the network of third-party processors.

The hackers ultimately target privileged access to card management systems before activating overdraft facilities, and reducing the risk ratings associated with the counterfeit bank accounts. At this point the mules are able to withdraw funds from cash machines running up huge debts.

The crooks use a combination of opportunistic phishing, social engineering, and Windows exploits to gain entry into the banking systems. Trustwave reports that key loggers are planted on compromised networks to snaffle login credentials of bank employees authorised to approve overdrafts. Although the attacks originated in Eastern Europe/Russia, Trustwave believes that there is a very high probability that this technique will spread globally.

The multiple stages of a hybrid bank attack [source: Trustwave]

The SpiderLabs team at Trustwave found linked scams after it was asked to investigate a series of bank breaches originating in ex-Soviet countries during mid-to-late 2017. The actual amount of money stolen was different in each case, with the average amount around $5m (in cash), ranging from $3m to $10m.

The investigations revealed that multiple attacks shared a number of common features, such as large losses from what initially appeared to be legitimate customer accounts. In all cases, the theft took place using normal withdrawals from various cash terminals outside the bank's originating country.

In some cases, the banks didn't realise a breach had taken place and a significant amount of money was stolen well after the attack was completed. In a few cases, the malicious activity was reported to the banks by third-party firms responsible for processing the bank's debit and credit card transactions. The common tie between all the scams was that money was stolen using legitimate cards provided by each bank. ®

More about


Send us news

Other stories you might like