
Overdraft-fiddling hackers cost banks in Eastern Europe $100m

October 10th 2017
Mules open forged accounts, crooks clear them out from foreign ATMs
By John Leyden

Hybrid cyber attacks on banks in former Soviet states have already resulted in estimated losses of $100m.

Security researchers at Trustwave report that cybercriminals are using mules to open accounts with counterfeit documents while hackers compromise the bank's systems to obtain unauthorised privileged access and break into the network of third-party processors.

The hackers ultimately target privileged access to card management systems, then activate overdraft facilities and reduce the risk ratings associated with the counterfeit bank accounts. At this point the mules are able to withdraw funds from cash machines, running up huge debts.

The crooks use a combination of opportunistic phishing, social engineering, and Windows exploits to gain entry into the banking systems. Trustwave reports that keyloggers are planted on compromised networks to snaffle the login credentials of bank employees authorised to approve overdrafts. Although the attacks originated in Eastern Europe/Russia, Trustwave believes there is a very high probability that this technique will spread globally.

The SpiderLabs team at Trustwave found linked scams after it was asked to investigate a series of bank breaches originating in ex-Soviet countries during mid-to-late 2017. The actual amount of money stolen was different in each case, with the average amount around $5m (in cash), ranging from $3m to $10m.

The investigations revealed that multiple attacks shared a number of common features, such as large losses from what initially appeared to be legitimate customer accounts. In all cases, the theft took place using normal withdrawals from various cash terminals outside the bank's originating country.

In some cases, the banks didn't realise a breach had taken place, and that a significant amount of money had been stolen, until well after the attack was completed. In a few cases, the malicious activity was reported to the banks by third-party firms responsible for processing the bank's debit and credit card transactions. The common tie between all the scams was that money was stolen using legitimate cards provided by each bank.
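The common features the article lists (a privileged overdraft or risk-rating change on a recently opened account, followed by cash withdrawals from ATMs outside the bank's home country) are exactly the kind of correlation a bank's fraud or security team can monitor for. The following is an added example, not code from Trustwave, The Register or any bank: it runs a simple correlation rule over a constructed, comma-separated event log. The event types, field layout, home-country code, thresholds and time windows are all assumptions chosen for illustration.

```python
"""
Correlation rule for the overdraft cash-out pattern described above.

Assumed event format (constructed, not a real bank's schema):
    timestamp,event_type,account_id,actor,country,amount
"""
from collections import defaultdict
from datetime import datetime, timedelta

HOME_COUNTRY = "UA"  # assumed ISO country code of the issuing bank (placeholder)

# Constructed sample events. ACC-1001 follows the pattern in the article;
# ACC-2002 is a long-standing account with ordinary domestic activity.
SAMPLE_EVENTS = [
    "2017-08-01T09:00:00,account_opened,ACC-1001,branch_user_7,UA,0",
    "2017-08-03T22:14:00,overdraft_limit_set,ACC-1001,ops_admin_2,UA,250000",
    "2017-08-03T22:15:30,risk_rating_changed,ACC-1001,ops_admin_2,UA,-3",
    "2017-08-05T01:10:00,atm_withdrawal,ACC-1001,card,DE,9000",
    "2017-08-05T01:25:00,atm_withdrawal,ACC-1001,card,DE,9000",
    "2017-08-05T02:40:00,atm_withdrawal,ACC-1001,card,NL,8500",
    "2015-03-10T10:00:00,account_opened,ACC-2002,branch_user_3,UA,0",
    "2017-08-02T11:00:00,overdraft_limit_set,ACC-2002,branch_user_3,UA,5000",
    "2017-08-04T13:00:00,atm_withdrawal,ACC-2002,card,UA,300",
]

PRIVILEGED_CHANGES = ("overdraft_limit_set", "risk_rating_changed")


def parse_event(line):
    """Split one log line into a dict with a parsed timestamp and numeric amount."""
    ts, kind, account, actor, country, amount = line.split(",")
    return {
        "ts": datetime.fromisoformat(ts),
        "kind": kind,
        "account": account,
        "actor": actor,
        "country": country,
        "amount": float(amount),
    }


def find_suspicious_accounts(lines, home_country=HOME_COUNTRY, window_days=14,
                             new_account_days=90, foreign_threshold=10000):
    """Return {account_id: {"foreign_total": float, "reasons": [...]}} for accounts
    where a privileged change is followed, within window_days, by foreign ATM
    withdrawals totalling at least foreign_threshold. Account age and the time
    of day of the change are added as corroborating reasons, not as triggers."""
    by_account = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_account[ev["account"]].append(ev)

    alerts = {}
    for account, events in by_account.items():
        events.sort(key=lambda e: e["ts"])
        opened = next((e["ts"] for e in events if e["kind"] == "account_opened"), None)
        for change in (e for e in events if e["kind"] in PRIVILEGED_CHANGES):
            window_end = change["ts"] + timedelta(days=window_days)
            foreign = [e for e in events
                       if e["kind"] == "atm_withdrawal"
                       and e["country"] != home_country
                       and change["ts"] < e["ts"] <= window_end]
            foreign_total = sum(e["amount"] for e in foreign)
            if foreign_total < foreign_threshold:
                continue  # no cash-out signal after this change
            reasons = [f"foreign ATM withdrawals of {foreign_total:.0f} within "
                       f"{window_days} days of {change['kind']} by {change['actor']}"]
            if opened is not None and change["ts"] - opened <= timedelta(days=new_account_days):
                reasons.append("privileged change on recently opened account")
            if change["ts"].hour < 8 or change["ts"].hour >= 18:
                reasons.append(f"{change['kind']} performed outside business hours")
            alert = alerts.setdefault(account, {"foreign_total": 0.0, "reasons": []})
            alert["foreign_total"] = max(alert["foreign_total"], foreign_total)
            for r in reasons:
                if r not in alert["reasons"]:
                    alert["reasons"].append(r)
    return alerts


if __name__ == "__main__":
    for account, alert in find_suspicious_accounts(SAMPLE_EVENTS).items():
        print(account, alert["foreign_total"])
        for reason in alert["reasons"]:
            print("  -", reason)
```

Run against the sample, only ACC-1001 is flagged: its overdraft limit and risk rating were changed late at night, two days after opening, and 26,500 was then withdrawn from German and Dutch ATMs. The rule deliberately requires the foreign cash-out before alerting; the account-age and out-of-hours checks only enrich the alert, which keeps false positives down on the many legitimate overdraft changes a bank processes each day. In production the same logic would be fed from the card management system's audit trail and the card processor's authorisation feed, and the thresholds tuned to the bank's own baseline.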