An international organized crime syndicate has stolen at least $40 million from banks since March using a hacking scheme, according to a report released Tuesday, and has likely stolen substantially more.
"We only see the ones that come to us," said Brian Hussey, vice president of cyber threat detection and response at the security firm Trustwave's SpiderLabs division, which produced the report.
"Other banks may have come to other vendors or may not have noticed the theft yet."
Trustwave has seen heists of between $3 million and $10 million from five different banks in that time frame, predominantly in post-Soviet states. The attacks have spread as far as Africa, Hussey said, and appear to be accelerating.
The heist begins with the syndicate providing dozens of impoverished collaborators fake identifications to open empty bank accounts, the report said. The group then hacks the bank and credit card processors to drastically increase overdraft protection on each account, a service allowing typically low-risk accounts to withdraw more money than is in the account without sounding alarms. Finally, the group coordinates withdrawals of between $25K and $35K from ATMs in surrounding countries.
Hussey said Trustwave has worked with law enforcement, which has found that the people who open the initial accounts are largely unsophisticated and unaware of the larger scheme in which they took part.
The hacking is based on phishing emails to gain access to bank networks. Attackers then leverage that bank access to get the bank's credentials to the credit card processor.
Though the attacks are focused in Eastern Europe, the Trustwave report warns that North American, European, Asian and Australian banks should take notice.
"Eastern Europe is often the canary in the mineshaft, used as a testing ground for techniques used elsewhere," said Hussey.
Hussey said the attacks could have been prevented had security oversights been addressed, including properly integrating bank monitoring software that checks for patterns of anomalies, like zero-dollar accounts being given large overdraft abilities.
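
The kind of monitoring check Hussey describes can be sketched as a rule over overdraft-limit change events. This is an added example, not code from Trustwave or the report; the event fields, thresholds, and the account-age and burst criteria are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real data); every field name is an assumption.
EVENTS = [
    {"ts": "2024-06-01T02:10:00", "account": "A-1001", "opened": "2024-05-20",
     "balance": 0.0, "old_limit": 0, "new_limit": 30000},
    {"ts": "2024-06-01T02:14:00", "account": "A-1002", "opened": "2024-05-22",
     "balance": 0.0, "old_limit": 0, "new_limit": 35000},
    {"ts": "2024-06-01T02:20:00", "account": "A-1003", "opened": "2024-05-25",
     "balance": 0.0, "old_limit": 0, "new_limit": 25000},
    {"ts": "2024-06-01T09:00:00", "account": "B-2001", "opened": "2012-03-01",
     "balance": 18250.40, "old_limit": 1000, "new_limit": 2500},
    {"ts": "2024-06-10T11:00:00", "account": "C-3001", "opened": "2024-04-30",
     "balance": 0.0, "old_limit": 0, "new_limit": 12000},
    {"ts": "2024-06-12T15:30:00", "account": "D-4001", "opened": "2009-01-15",
     "balance": 0.0, "old_limit": 5000, "new_limit": 15000},
]

# Assumed thresholds; a real deployment would tune these to its own portfolio.
MIN_NEW_LIMIT = 10_000                # overdraft limit considered "large"
MAX_ACCOUNT_AGE = timedelta(days=90)  # "recently opened" account
BURST_WINDOW = timedelta(hours=24)    # window for correlating changes
BURST_SIZE = 3                        # distinct accounts that make a burst


def _ts(value):
    return datetime.fromisoformat(value)


def is_suspicious(event):
    """Zero-balance, recently opened account receiving a large overdraft raise."""
    age = _ts(event["ts"]) - _ts(event["opened"])
    return (event["balance"] <= 0
            and event["new_limit"] >= MIN_NEW_LIMIT
            and event["new_limit"] > event["old_limit"]
            and age <= MAX_ACCOUNT_AGE)


def find_alerts(events):
    """Return (account, severity); severity is 'high' when several accounts
    are changed close together, matching the many-accounts pattern."""
    hits = sorted((e for e in events if is_suspicious(e)), key=lambda e: _ts(e["ts"]))
    alerts = []
    for hit in hits:
        nearby = {h["account"] for h in hits
                  if abs(_ts(h["ts"]) - _ts(hit["ts"])) <= BURST_WINDOW}
        alerts.append((hit["account"], "high" if len(nearby) >= BURST_SIZE else "medium"))
    return alerts
```

Established accounts with real balances (B-2001) and long-standing accounts (D-4001) are not flagged under these assumed criteria, which keeps the rule focused on the empty, newly opened accounts the report describes.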