Cybercrime Moves to the Cloud
The same flexibility and freedom companies get from having their software and services hosted in the cloud is enabling cybercriminals to conduct highly automated online banking theft — without doing much of the necessary information processing on their victims’ own computers.
Security and privacy experts have long worried that criminals would launch attacks on the servers storing the data in cloud environments. But, a report released this week from McAfee and Guardian Analytics shows that criminals are now using the cloud infrastructure itself to get more capability out of their campaigns.
“They are leveraging the cloud,” Brian Contos, senior director of emerging markets at McAfee, said in an interview. “This is the first time we’ve ever seen this.”
Basically, what researchers uncovered was a series of highly sophisticated campaigns designed to siphon money out of high balance bank accounts in Europe, the U.S. and South America through automated transfers. Like most online consumer bank fraud, the attacks started off with a phishing e-mail, typically pretending to be from a victim’s bank and urging the recipient to click a link to change the account password. Once the link is clicked, a Trojan — in this case Zeus or SpyEye — was downloaded onto the victim’s computer, in early versions of the attacks. In later versions the malware is operating from a server.