Stealing Your Money Through

Cyber criminals are using advanced attacks to exploit online banking systems and services to covertly steal money. This paper describes the tactics currently used by cyber criminals to conduct cyber bank robbery. The Art of Cyber Bank Robbery earn approximately $25,000. Recent botnets such as Zeus, SpyEye, and Citadel have infected millions of machines. If the same formula is applied, potential earnings are in millions of dollars every year. Some income comes from renting out the infected machines, but there are also Pay Per Infection (PPI) services where bot herders charge customers to distribute malware for a fee across their botnet. PPI rates vary significantly depending on where targeted machines are located. For example, $130 to $150 is charged per 1,000 machines to load malware on computers located in the U.S., but the rate is as low as $3 to $5 for locations in Asian countries such as China. In either case, providers of PPI services can earn millions of dollars annually. On the defensive side, Anderson et al. in their study of cyber crime [3] pointed out that botnet mitigations cost $ 3.2 billion for anti-virus software alone. Globally, the study estimated that companies spend roughly $10 billion annually to provide defenses against cyber crimes. In addition, they projected that total global law enforcement expenditures were approximately $400 million for cyber crime. The study also concluded that global online banking fraud losses were close to $300 million, and to prevent additional frauds, banks spent approximately $1 billion. Florencio and Herley of Microsoft Research [21] found that credentials are offered in the underground market at $0.05 on the dollar value of the account. It leads them to observe that converting credentials to cash is the hard part and only a few stolen credentials result in actual theft. They analyze that the biggest cost comes from defensive costs and Anderson’s data supports that conclusion. In this paper, we present the cyber bank robbery model that is used by cyber criminals to conduct online frauds using automated exploitation frameworks such as botnets. This model is used for attacking end-user systems and mobile platforms. Overview and Threat Model Skilled cyber criminals are responsible for the majority of online bank fraud. The attack process can be outlined as follows: • Infection Entry Point and Exploitation: A cyber criminal begins by co-opting a high-volume website to host an automated exploitation framework. That framework exploits browsers having vulnerable components using what is known as a drive-by download. The users are coerced to visit the infected website using techniques such as phishing. In addition, malicious applications can also be installed on mobile devices to control communication. • Data Exfiltration: A bot is installed on the infected system that connects back to a C&C computer. For example, if the cyber criminal wants to attack Bank of America (BofA) sessions, it commands the bot to download the appropriate plugin. The bot hijacks (hooks) the communication channel initiated by the browser with the BofA website to steal account information, credentials, registered email addresses, etc. The key point is that the attack exploits client-side software, the browser in particular. Apart from that, the bots can Stealing Your Money Through Insidious Attacks