Leading cyber security company, McAfee, has issued a breaking news report that indicates that the U.S., European and Latin American financial systems are under a massive cyber attack.
So far some $2.5 billion has been siphoned from thousands of accounts at various financial institutions and banks.
McAfee states that the attacks are ongoing and apparently international law enforcement agencies are working on shutting them down.
According to the report from McAfee, together with Guardian Analytics, they have uncovered a highly sophisticated, global financial services fraud campaign that has reached the U.S. banking system. McAfee is working actively with international law enforcement organizations to shut down these attacks.
They state that unlike the standard SpyEye and Zeus attacks that typically feature live (manual) interventions, they have discovered at least a dozen groups now using server-side components and heavy automation.
The fraudsters' objective in these attacks is to syphon large amounts from high balance accounts, hence the name chosen for this research is "Operation High Roller."
As no human participation is required, each cyber attack moves quickly and scales neatly. The operation combines an insider level of understanding of the banking transaction systems, with both custom and off-the-shelf malicious code, and appears to be worthy of the term "organized crime."
So far McAfee's study has found 60 servers processing thousands of attempted thefts from high-value commercial accounts and some high net worth individuals. The attack has shifted emphasis from consumers to businesses, with mule business accounts allowing attempted transfers averaging in the thousands of Euros, including some transfers as high as €100,000 (US$130,000).
So far, three distinct attack strategies have emerged as the targets have expanded from the EU to Latin America and the U.S.
According to their research, not only big banks are affected. The attacks are being made at every class of financial institution: credit union, large global bank, and regional bank.
At this stage, McAfee estimates that the criminals have attempted fraudulent transfers of at least €60 million (US$78 million) from accounts at 60 or more financial institutions (FIs).
They are estimating that the total attempted fraud could be as high as €2 billion.
"The criminals have created a computer code which automatically finds a victim's highest-value account," the report explains.
"It then transfers money to a pre-paid debit card which can then be drained anonymously."
Despite the complexity of the fraud, McAfee and Guardian Analytics insist that security companies can still fight this type of threat.
"We can do this, the machinery exists," they conclude.
"We encourage other security vendors and the global banking industry to take action against this ballooning fraud ring and similar future attacks by improving detection and information-sharing.
"Hopefully, this report also will spur more sensitivity and vigilance by the high-value businesses and consumers whose accounts are being plundered."