Noa Bar-Yosef, Imperva’s Senior Security Strategist, provides insight into how the Zeus scam, which has resulted in over 70 arrests, may have operated, while Mickey Boodaei, Trusteer's CEO, thinks more Zeus gangs operate globally.
"These criminals operated Zeus in one of two ways: either the bots used were under their own control, or, and more likely the case, they rented a bot from a bot 'farmer'. The bot farmer grows and manages the bot, and the criminals then rented and used it.
The hacking rings we see today take on a more organized approach, similar to a drug cartel or a cyber-mafia. There is a hierarchy with employees that have a distinct role in the scheme -- the researcher looks for different ways to infect machines, the botnet farmer operates the bots, the botnet dealer rents the bots, and the actual 'consumer' monetizes on the virtual goods received by the bot.
In this scheme, these bots did more than just harvest user credentials -- they injected code into the user's browser so that the user thinks they have a legitimate connection with their bank. In fact, the user was actually engaging with the Trojan.
Banks need to step up their security measures -- instead of being reactionary after the fact, try to be proactive by guessing the next steps of the hackers. The banks can use the uncovering of this Zeus exploit to learn more about how these gangs work. They can see how the attack code was adapted over time and analyze the modification of methods, which can help them anticipate the next move hackers are likely going to make."
Reports that the Metropolitan Police's e-crime unit have arrested 19 people in connection with the notorious Zeus Trojan malware show that some of the criminal groups behind Zeus are failing to cover their tracks, according to Mickey Boodaei, CEO of Trusteer, the Secure Browsing Service specialist.
“The arrests show that some of the criminal groups behind Zeus are doing a poor job in covering their tracks,” said Mickey Boodaei, Trusteer's CEO. “This provides an excellent opportunity for the police, the banks, and their customers to join together and get more criminals behind bars. The police did a great job in tracing down this group and gathering information that can facilitate their arrest. This is not a simple task and I've heard many people saying that this is almost impossible due to the level of sophistication from criminals and the complication of the justice system. However, this case and a few others that precede it show that this can be achieved.”
As a second batch of East European hackers were charged recently - this time in the US - with siphoning money from online bank account users using the Zeus trojan, Secure Browsing Service specialist Trusteer says there are other Zeus cybercrime gangs operating elsewhere in the world. Trusteer's comments come in the wake of a rash of arrests in the UK recently, which culminated in formal charges being laid against 11 Eastern Europeans from all walks of life. In the US, meanwhile, charges were recently brought against 70 further East Europeans, who allegedly used Zeus to steal at least $3 million from US bank accounts.
“The recent arrests in the US and the UK indicate that financial fraud is not the business of individuals,” said Mickey Boodaei, Trusteer's CEO. “Behind these operations you can find groups of people which in many cases operate for larger organized crime groups. They have the money and the means to run large scale sustainable criminal online operations. As time goes by we're seeing more groups which are larger, more efficient, and knowledgeable than before, and as a result much more successful. Zeus is being used around the world to attack individual customers, and big businesses are also being targeted, particularly in the US.”
And it's against this backdrop that Boodaei predicts that other cybercrime gangs are almost certainly operating in other countries around the world, perhaps in continental Europe, Canada and across the Asia-Pacific region, running parallel criminal operations to the Zeus gangs in the UK and the US.
“However, recent successful arrests in the US and the UK show that law enforcement agencies, with the help of the banks, their customers, and the industry, are capable of tracking these people down and putting them behind bars. More efforts are needed for this promising start to become truly successful. Financial fraud can be stopped from spreading if financial organizations and customers continue to improve security and work with law enforcement to go after cyber criminals.”
“The arrests show that some of the criminal groups behind Zeus are doing a poor job in covering their tracks. This provides an excellent opportunity for the police, the banks, and their customers to join together and get more criminals behind bars. The police and law enforcement agencies did a great job in tracing down this group and gathering information that can facilitate their arrest. This is not a simple task and I've heard many people saying that this is almost impossible due to the level of sophistication from criminals and the complication of the justice system. However, this case and a few others that precede it show that this can be achieved.”
“In a recent initiative by Trusteer and a few other organizations, we were able to actually penetrate the criminals' servers and gather a lot of evidence from them. This shows that criminals are vulnerable.
“By running more operations like this and by the banks and other organizations investing effort in tracing fraudsters and not just blocking their activities, there is a good chance we can lower the volumes of attacks. Customers can take their banks' advice and implement fraud prevention tools that provide valuable capabilities to banks in detecting and blocking these threats. By working together we can definitely stop this threat from growing,” Boodaei said.
For more on the US Zeus cybercriminal arrests: http://bit.ly/d7P98k
For a copy of the United States Attorney Southern District of New York press release: http://www.justice.gov/usao/nys/pressreleases/September10/operationachingmulespr%20FINAL.pdf