Researchers at IBM Trusteer report worrying news: cybercriminals have become well versed in automating fraud. One criminal group carried out millions of separate operations against online banks in a couple of days, withdrawing small amounts each time so that the banks' security systems did not recognize the attack. The individual amounts were small, but the scale of the attack and the sophistication of its organizers are alarming.
The criminals' main tool was legitimate mobile device emulators, the kind developers use to test applications by simulating connections from many handsets at once. A single emulator spoofed as many as 8,100 virtual devices, and for the attack 20 of them were combined into a "farm". When a spoofed device connected to the online banking system, it either presented the identifier of a real customer's device taken from a stolen database, or it posed as the customer's first login to the account from a supposedly new phone.
Figure: the emulators spoofed the widest range of mobile OS versions.
IBM Trusteer said the scammers were able to intercept the SMS one-time codes, but did not disclose how. As a result the emulator farm completed thousands of logins, pushed through millions of transactions that looked ordinary and raised no suspicion, and robbed dozens of bank customers. What struck the researchers most was that the farm operated as a single system: it brought virtual devices online at great speed, promptly replaced burned nodes with fresh ones, and sustained an unprecedented rate of theft.
More interesting still, the attack strategy changed in real time: the attackers analyzed traffic between the bank servers and the virtual devices to find weaknesses in the security controls. They maneuvered constantly, swapping emulators, wiping connection traces, and reacting immediately whenever the bank's monitoring systems showed increased interest in their operations. The group learned from its mistakes at a rate no human operator or team could match. Automation made this possible, and it marks a shift in cybersecurity to a new reality.
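The pattern described above (one emulator presenting thousands of device identities, and new-device enrolments followed within minutes by small transfers) is easier to catch with source-level velocity checks than with device identity alone, because the device identifiers themselves were replayed from a stolen database. The following Python is an added example written for this page, not code from IBM Trusteer or from any bank: it runs two such checks over a handful of constructed login and transfer events. The event layout (timestamp, account, device id, source IP, event type, amount) and the thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real bank telemetry. Field layout is an assumption:
# (timestamp, account, device_id, source_ip, event, amount).
# 198.51.100.7 plays the emulator host cycling through stolen device identities;
# 203.0.113.x are ordinary customers.
SAMPLE_EVENTS = [
    ("2020-12-01T10:00:00", "acct-01", "dev-1a", "198.51.100.7", "login", 0),
    ("2020-12-01T10:00:04", "acct-02", "dev-2b", "198.51.100.7", "login", 0),
    ("2020-12-01T10:00:09", "acct-03", "dev-3c", "198.51.100.7", "new_device", 0),
    ("2020-12-01T10:00:15", "acct-04", "dev-4d", "198.51.100.7", "login", 0),
    ("2020-12-01T10:00:21", "acct-05", "dev-5e", "198.51.100.7", "login", 0),
    ("2020-12-01T10:01:30", "acct-03", "dev-3c", "198.51.100.7", "transfer", 180),
    ("2020-12-01T10:02:00", "acct-06", "dev-6f", "203.0.113.9", "login", 0),
    ("2020-12-01T09:00:00", "acct-07", "dev-7g", "203.0.113.10", "new_device", 0),
    ("2020-12-01T15:00:00", "acct-07", "dev-7g", "203.0.113.10", "transfer", 2500),
]


def parse_events(rows):
    """Turn raw tuples into dicts sorted by time (detectors assume time order)."""
    events = [
        {"ts": datetime.fromisoformat(ts), "account": acct, "device": dev,
         "ip": ip, "event": kind, "amount": amount}
        for ts, acct, dev, ip, kind, amount in rows
    ]
    return sorted(events, key=lambda e: e["ts"])


def source_with_many_devices(events, window=timedelta(minutes=5), threshold=4):
    """Flag source IPs that present >= threshold distinct device ids inside a
    sliding window. A real phone is one device; an emulator host replaying
    stolen identifiers looks like many. Returns {ip: peak distinct devices}."""
    recent = defaultdict(deque)   # ip -> deque of (ts, device) inside the window
    flagged = {}
    for e in events:
        if e["event"] not in ("login", "new_device"):
            continue
        q = recent[e["ip"]]
        q.append((e["ts"], e["device"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {dev for _, dev in q}
        if len(distinct) >= threshold:
            flagged[e["ip"]] = max(flagged.get(e["ip"], 0), len(distinct))
    return flagged


def enrol_then_small_transfer(events, max_gap=timedelta(minutes=10), max_amount=500):
    """Flag accounts where a 'new device' enrolment is followed within max_gap
    by a transfer at or below max_amount: the enrol-and-cash-out sequence
    that stays under per-transaction limits. Returns [(account, device, amount)]."""
    last_enrol = {}               # account -> timestamp of most recent enrolment
    flagged = []
    for e in events:
        if e["event"] == "new_device":
            last_enrol[e["account"]] = e["ts"]
        elif e["event"] == "transfer":
            enrolled_at = last_enrol.get(e["account"])
            if (enrolled_at is not None
                    and e["ts"] - enrolled_at <= max_gap
                    and e["amount"] <= max_amount):
                flagged.append((e["account"], e["device"], e["amount"]))
    return flagged


def run(rows=SAMPLE_EVENTS):
    """Run both detectors over the sample and return their findings."""
    events = parse_events(rows)
    return {
        "farm_sources": source_with_many_devices(events),
        "enrol_cashout": enrol_then_small_transfer(events),
    }


if __name__ == "__main__":
    print(run())
```

The thresholds are deliberately low so the constructed sample trips them; in production they would be tuned per channel, and the source key would normally be a subnet or ASN rather than a single IP, since the farm swapped nodes quickly. Neither check depends on the device identifier being trustworthy, which matters when, as here, the identifiers came from a stolen database and the SMS code was intercepted.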