Banks targeted so far have been located in Europe, Latin America and the United States. According to the report, more than $1 billion in fraud has been attempted, but only $50 million to $70 million worth of transactions have been successful. Marcus says the data is unclear as to why some attacks succeed and others fail, but because the attempts are fully automated, the criminals would not need to waste time on the failures. When successful, the money is transferred to a variety of different locations, both within the United States and outside the U.S.
“You can essentially have parallel transactions going on, without even knowing it,” explained Marcus. “The web injection can even manipulate the browser so that the amount of money listed on the account does not reflect the stolen funds. And from the bank's point of view, it doesn't really look like fraud because the user is logged in and it appears to be doing things of their own volition. The criminals have moved from multipurpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions.”
Marcus added that the investigation is currently wrapping up the first phase of the research and documenting the flow of the money, identifying the servers and the mule accounts, and working with the infected institutions and users, as well as law enforcement authorities.