Every day criminals are finding new ways to commit acts of fraud and to steal information from consumers and financial institutions. After a three month investigation, SecureWorks uncovered a new method of cyber attack used by Russian criminals to tap into U.S. financial institutions.
The Russian cyber gang used sophisticated Zeus and Gozi Trojans to gain access into computer systems. The unique part of the crime was that the attackers then set up a Virtual Private Network connection to a remote server. The purpose was to easily access the systems to continually steal information and use it to counterfeit checks.
"We've never seen check fraud connecting to cyber crimes," said Joe Stewart, director of malware research for SecureWorks. Through the VPN the cyber gang ran a connection to the computer system and hid its tracks. SecureWorks was able to monitor the operation through the VPN and see the information that was being stolen and sent back to the hackers' system.
SecureWorks discovered that the hackers were accessing sites storing archived check images. The hackers download the images, print out counterfeits and have money mules cash the checks and wire the money back to Russia.
One of the most interesting parts of the cyber attack, Stewart said, was that the hackers had an intimate knowledge of how financial institutions and financial transactions worked on the back end.
"They knew anti-check fraud systems archived the checks so that they could get access to thousands of accounts at once," Stewart explained. Another interesting part of the crime was the quality of the checks. "The checks looked really good," said Elizabeth Clarke, vice president of corporate communications. "They looked like true checks with correct routing numbers, logos and signature. The only thing was a small misspelling."
Shortly after SecureWorks detected the hack a similar operation was discovered.
A woman contacted the organization to report that she was trying to be recruited to be a money mule.
The criminals would gain access to job boards and would send spear fishing e-mails to recruit job seekers as mules.
To help protect the financial institutions and consumers from these types of attacks, Clarke said offer consumers a service that allows them to present checks they've written against checks that are pending against the account. This allows the consumer to select checks they've written and report fraudulent checks that are showing up.
Clarke said also make sure to keep up due diligence on all systems and service providers.
Stewart said having someone on staff to keep up with the pace of malware attacks is also beneficial.
"Have someone that can tell you what threats are out there and what different angles the institution can take to protect from an attack."