Operation High Roller Raises Financial Fraud Stakes

Earlier today Guardian Analytics and McAfee released the joint report “Dissecting Operation High Roller,” which describes a new breed of sophisticated fraud attacks. The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multifaceted automation in a global fraud campaign.

Building on established Zeus and SpyEye malware tactics, this ring adds many breakthroughs: bypasses for physical “chip and pin” authentication, automated “mule” account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000). Although Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including to the United States and Colombia.

What are the key points in the attacks?

  • A shift from traditional man-in-the-browser attacks on the victim’s PC to server-side automated attacks. Criminals have moved from multipurpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions.
  • Global: Started in Europe, moved to Latin America, and recently to the United States
  • Impacts commercial accounts and high-net-worth individuals
  • Impacts financial institutions of all sizes

What is the impact of this new fraud methodology?

  • Criminals can move faster
  • Transactions of widely varying types and dollar amounts can be attempted
  • A purpose-built, multiple-strategy approach helps avoid detection
  • By avoiding detection, the servers can stay live longer
