A hacker group dubbed 'MoneyTaker' has allegedly stolen nearly £7.5 million from companies in Russia, the United Kingdom and the United States. Using a network operator portal, the group was able to remove overdraft limits on debit cards and then withdraw money from cash machines.
The thieves also stole documentation for technology used by 200 banks in the US and Latin America which, according to a report from Group-IB, could be used in future attacks.
Kevin Curran, a professor of cybersecurity at Ulster University, told the BBC:
"It really is perfect in some ways, they're able to compromise systems and then extract all the documents for how a banking system works so that they have the intelligence needed to produce fraudulent payments."
"Banks are increasingly spending more on security, but the hackers only have to find one way in. They have to protect all the ways in."
MoneyTaker has reportedly stolen $500,000 in 16 attacks on US companies and $1.2m in three attacks on Russian banks since May 2016. In its first attack the group compromised a debit card processing system (First Data's 'Star' network) used by more than 5,000 banks.
Using the compromised systems, they removed or increased the cash withdrawal and overdraft limits on legitimately opened debit cards. Money mules were then sent to withdraw the cash from ATMs.
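The fraud pattern above leaves a recognisable trace in a bank's own logs: a limit on a card is removed or raised far above its previous value from a back-office portal, and within hours that card is used for a burst of ATM withdrawals, often across several machines. The following detection logic is an added example written for this page; it is not code from the article, from Group-IB, or from any bank. The log lines are constructed, and the field names (`card`, `actor`, `field`, `old`, `new`, `atm`, `amount`), the six-hour window and the "10x or unlimited" threshold are assumptions a practitioner would tune to their own card-management and authorisation systems.

```python
"""Correlate suspicious card-limit changes with a following burst of ATM withdrawals.

Added example, not code from the original article or from Group-IB's report.
All log lines below are constructed; field names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records from a card-management portal: who changed which
# limit on which card, and from what value to what value.
LIMIT_CHANGES = """\
2017-11-03T21:05:12Z card=4111****1111 actor=ops_admin7 field=atm_daily_limit old=500 new=UNLIMITED
2017-11-03T21:06:40Z card=4111****2222 actor=ops_admin7 field=overdraft_limit old=0 new=20000
2017-11-03T10:15:00Z card=4111****3333 actor=branch_user12 field=atm_daily_limit old=300 new=600
"""

# Constructed ATM authorisation log for the same day.
WITHDRAWALS = """\
2017-11-03T22:10:03Z card=4111****1111 atm=ATM-0414 amount=2000
2017-11-03T22:14:50Z card=4111****1111 atm=ATM-0414 amount=2000
2017-11-03T22:19:11Z card=4111****1111 atm=ATM-0901 amount=2000
2017-11-03T22:25:30Z card=4111****1111 atm=ATM-0901 amount=2000
2017-11-03T22:31:02Z card=4111****2222 atm=ATM-0414 amount=2000
2017-11-03T22:36:45Z card=4111****2222 atm=ATM-0414 amount=2000
2017-11-03T22:40:00Z card=4111****2222 atm=ATM-0777 amount=2000
2017-11-03T11:00:00Z card=4111****3333 atm=ATM-0100 amount=400
"""

WINDOW = timedelta(hours=6)   # how long after a limit change we look for cash-outs (assumed)
MIN_WITHDRAWALS = 3           # burst size that triggers an alert (assumed)
RATIO = 10                    # "new limit >= 10x old limit" counts as suspicious (assumed)


def parse(line):
    """Parse one 'timestamp key=value ...' record into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def is_suspicious_change(change):
    """A limit removed outright, raised from zero, or raised by >= RATIO is suspicious."""
    if change["new"].upper() == "UNLIMITED":
        return True
    old, new = float(change["old"]), float(change["new"])
    return old == 0 or new / old >= RATIO


def find_cashout_bursts(limit_log, atm_log, window=WINDOW, min_withdrawals=MIN_WITHDRAWALS):
    """Return one alert per suspicious limit change followed by a withdrawal burst."""
    by_card = defaultdict(list)
    for line in atm_log.splitlines():
        if line.strip():
            w = parse(line)
            by_card[w["card"]].append(w)

    alerts = []
    for line in limit_log.splitlines():
        if not line.strip():
            continue
        change = parse(line)
        if not is_suspicious_change(change):
            continue
        start, end = change["ts"], change["ts"] + window
        burst = [w for w in by_card[change["card"]] if start <= w["ts"] <= end]
        if len(burst) < min_withdrawals:
            continue
        alerts.append({
            "card": change["card"],
            "actor": change["actor"],          # the portal user who made the change
            "field": change["field"],
            "withdrawals": len(burst),
            "total": sum(float(w["amount"]) for w in burst),
            "atms": sorted({w["atm"] for w in burst}),
        })
    return alerts


if __name__ == "__main__":
    for a in find_cashout_bursts(LIMIT_CHANGES, WITHDRAWALS):
        print(a)
```

The card whose limit was merely doubled by a branch user produces no alert; the two cards whose limits were removed or raised from zero by the same portal account, each followed by a run of maximum-size withdrawals across more than one ATM, do. Grouping the alerts by `actor` is the natural next step, since a compromised operator account (or a compromised portal) will show up as one identity making many such changes in a short span.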
The group used a combination of publicly available tools and custom-written malware to penetrate the banks' systems. In one case they compromised the home computer of a Russian bank's system administrator in order to reach the bank's internal network.
As well as money, the hackers were also after internal banking system information: administrator guides, internal instructions and transaction logs.
This was an expertly executed, targeted attack that would not have been easy to pull off. Attacks on small businesses, by contrast, are easier to carry out and do not require the same level of expertise. Attackers often gravitate toward smaller retailers because their security is usually much weaker than that of big companies. If your business is adequately protected, they are likely to move on to easier prey.
For some quick tips on keeping your eCommerce landscape secure, check out our guide to keeping yourself protected.
By constantly changing their tools and tactics to bypass antivirus and traditional security solutions and, most importantly, carefully eliminating their traces after completing operations, the group has largely gone unnoticed. "MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise," said Dmitry Volkov, Group-IB co-founder and head of intelligence. "In addition, incidents occur in different regions worldwide and at least one of the US banks targeted had documents successfully exfiltrated from their networks, twice."