A new massive hack stole millions of dollars from online bank accounts. The hackers copied the smartphones of 16,000 users.
The security experts claimed that the hackers used a network of mobile device emulators. Copying the users’ smartphones allowed them to steal millions of dollars from online banking accounts.
They were able to pull off the massive online breach in just a few days. This just shows how specialized these hackers are.
IBM Trusteer experts said that the attack’s scale was unlike anything they have seen before. The hackers used around 20 emulators to copy more than 16,000 phones from their victims.
After that, they breached these people’s online banking accounts. The security researchers claimed that one instance of the massive hack was very alarming.
Why is the massive hack alarming?
In one case, a single emulator was able to spoof more than 8,100 devices. The hackers then entered usernames and passwords into banking apps running on the emulators.
To give you an idea, legitimate developers use emulators to test how apps run on different smartphones. Once the hackers had the banking apps running on these emulators, they initiated fraudulent money orders.
This method allowed them to pull off the massive hack and steal millions of dollars from compromised accounts.
The hackers used device identifiers to bypass the protections banks use to block such attacks. These identifiers correspond to each compromised account holder.
The hackers also obtained the device IDs from the hacked devices. They pretended to be customers who were accessing their accounts from new phones.
The attackers were also able to bypass multi-factor authentication by accessing SMS messages.
What happens after an account is drained?
After the hackers drained an account, they would retire the spoofed device that accessed the account. When they are done with it, they’ll replace it with a new device.
The hackers also cycled through devices if they were rejected by a bank’s anti-fraud system.
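The two behaviours described above, bulk "new phone" enrollments from one source and an account cycling through device IDs until the anti-fraud system accepts one, can be flagged from ordinary login records. The detection logic below is an added illustration, not code from IBM Trusteer or the article; the login records, field names, addresses and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records (not from the article), shaped like the
# events a bank's anti-fraud pipeline would keep: (time, account, device ID,
# first login from this device?, source address, outcome).
EVENTS = [
    ("2020-12-01T10:00:00", "acct-001", "dev-a1", True, "198.51.100.7", "ok"),
    ("2020-12-01T10:02:00", "acct-002", "dev-a2", True, "198.51.100.7", "ok"),
    ("2020-12-01T10:03:30", "acct-003", "dev-a3", True, "198.51.100.7", "ok"),
    ("2020-12-01T11:00:00", "acct-004", "dev-b1", True, "198.51.100.9", "rejected"),
    ("2020-12-01T11:01:00", "acct-004", "dev-b2", True, "198.51.100.9", "rejected"),
    ("2020-12-01T11:02:00", "acct-004", "dev-b3", True, "198.51.100.9", "ok"),
    ("2020-12-01T12:00:00", "acct-005", "dev-c1", True, "192.0.2.44", "ok"),
    ("2020-12-02T09:00:00", "acct-005", "dev-c1", False, "192.0.2.44", "ok"),
]
FIELDS = ("ts", "account", "device", "new_device", "src", "result")

def load(rows):
    """Turn the tuples into dicts with parsed timestamps, sorted by time."""
    evs = [dict(zip(FIELDS, r)) for r in rows]
    for e in evs:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(evs, key=lambda e: e["ts"])

def new_device_bursts(rows, window=timedelta(minutes=30), min_accounts=3):
    """Sources that enrolled a 'new device' on >= min_accounts distinct accounts
    within one window. A real customer replaces one phone; an emulator farm
    claiming thousands of new phones looks like one source doing it in bulk."""
    by_src = defaultdict(list)
    for e in load(rows):
        if e["new_device"]:
            by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            accts = {x["account"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(accts) >= min_accounts:
                flagged[src] = sorted(accts)
                break
    return flagged

def rejection_cycling(rows, min_devices=3):
    """Accounts that presented >= min_devices distinct device IDs and had at
    least one attempt rejected: the retire-and-replace-the-device pattern."""
    by_acct = defaultdict(list)
    for e in load(rows):
        by_acct[e["account"]].append(e)
    return {a: sorted({e["device"] for e in evs}) for a, evs in by_acct.items()
            if len({e["device"] for e in evs}) >= min_devices
            and any(e["result"] == "rejected" for e in evs)}
```

On the sample data the first rule flags the one source that enrolled three "new phones" on three accounts within minutes, and the second flags the account that rotated through three device IDs after rejections, while the genuine customer with one replacement phone passes both checks.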
IBM Trusteer researchers said they identified distinct attack legs from the hackers. They said that the attackers tend to wipe all the data and start a new hack once an operation is done.
The researchers believe that bank accounts were compromised using either malware or phishing attacks.
However, the security experts were not able to explain how the hackers managed to steal SMS messages and device IDs.
Most of the online banking accounts were located in the United States and Europe. The attackers intercepted communications between the spoofed devices and the banks’ application servers.
This method allowed them to monitor the progress of operations in real time.
They also used logs and screenshots to track the operation over time. As the massive hack progressed, the researchers saw the attack techniques evolve as the crooks learned from previous mistakes.
The new massive attack is just one of the latest cyber breaches that happened these past few months. Previously, SolarWinds was also hacked by alleged Russian hackers. The next one compromised around 40 customers of Microsoft.
This just shows that the current pandemic gave hackers an opening to evolve, since most people now do their tasks online.