Losses in 2012-2013: the cost of frauds

In recent years, payment and banking services have been drawing closer attention of all sorts of criminals. The number of crimes related to stealing money via electronic communications keeps growing.

In recent years, payment and banking services have been drawing closer attention of all sorts of criminals. The number of crimes related to stealing money via electronic communications keeps growing. According to the late last year’s statistics, virtually every minute banks around the world are exposed to any kind of cyber attacks ranging from DDoS to bring down banking services for several days to the fraudulent actions leading to grave financial and even graver reputational losses.

In 2012 and 2013 there were several reports of large scale operations in which attackers fleeced financial institutions using information technologies.

In the previous article we mentioned a group of cybercriminals infecting financial institutions in Ukraine with malware in 2013 to extract more than 3 billion hryvnia (about 8 billion rubles, or $250 million).

There were other truly gross occasions. For example, in 2012 during an operation called High Roller attackers stole no less than $78 million or up to $2.5 billion from the accounts of about fifty banks in Europe, the U.S. and Latin America. Attackers targeted both individual and corporate well-to-do clients of the banks. After determining the main accounts of the victims the attackers transferred their money to prepaid debit cards while taking care that bank customers received false reports of the their accounts’ balances so that they assumed their money intact.

The operation was performed at a very tech-savvy level. The criminals managed to find ways to bypass two-factor authentication and automate transactions, so that virtually all happened without the participation of people. The malware (banking Trojans of SpyEye and ZeuS families) received instructions from “clouds”, not from specific computers; the money was transferred via intentionally configured servers. In other words, the attackers did their best to cover their tracks so properly that even the true size of losses still remains a mystery.

In May of 2013 a group of criminals extracted about $45 million from ATMs in New York. Intruders broke into the servers of financial institutions in the U.S. and India and lifted restrictions on stolen debit cards’ cashing. Then specially hired people came to withdraw cash from ATMs. The operation lasted for several months, but eventually police caught the hackers, and eight fraudsters would face criminal charges.

In the late January the United Kingdom’s fraud prevention service CIFAS published 2013 statistics. In general, 221,000 confirmed cases of fraud were detected in the U.K., more than a half of them were identity thefts for profit or seizing other people’s accounts.

800_2

At the same time the total number of frauds decreased by 11% as compared with 2012. As the CIFAS reported the decrease was proof of the positive preventative impact of counter fraud measures.

These figures and trends show how important it is for financial institutions to have reliable means of fighting cybercrime and preventing frauds. The new platform Kaspersky Fraud Prevention is one of such means which allows you to centrally protect both the infrastructure of the bank and its customers’ devices from fraudulent transactions attempts. KFP is able to determine the degree of vulnerability of client PCs and mobile devices, to detect malware and suspicious applications, and to prevent intercepting text messages, sent by the bank to users. See more details about Kaspersky Fraud Prevention here.

Tips

Securing home security

Security companies offer smart technologies — primarily cameras — to protect your home from burglary, fire and other incidents. But what about protecting these security systems themselves from intruders? We fill this gap.