FBI warns of evolving financial cybercrime
Cybercriminals have always been inclined to follow the money. But according to a recent security bulletin jointly issued by the Federal Bureau of Investigation (FBI), Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center (IC3), hackers have started directly targeting individual bank employees to serve as their unwitting accomplices in financial data breaches.
During the past few months, FBI investigators have observed a marked increase in the amount of spam, phishing emails, keylogging programs and remote access Trojans (RATs) used to obtain employee credentials and infiltrate financial institution networks. Although the victims have primarily been smaller banks and credit unions, the consequences have been no less significant.
According to the report, stolen credentials have routinely been used to initiate and approve overseas wire transfers ranging in value from $400,000 to $900,000. In at least one case, cybercriminals were even able to raise the wire transfer limit on a customer's account to secure a larger windfall. When a transaction did fail, the cause was most often a clerical error made when inputting account information, as opposed to bank administrators rooting out the threat.
"The unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours using the stolen financial institution employees' credentials," the brief stated. "These logins allowed the actor(s) to obtain account transaction history, modify or learn institution-specific wire transfer settings and read manuals providing information and training on the use of U.S. payment systems."
Investigators also noted that these intrusions were typically preceded or followed by distributed denial of service (DDoS) attacks intended to distract network administrators from the true threat. The vast financial incentive available to motivated hackers was underscored by the fact that the commercial crimeware kits most often used to trigger this diversion can be purchased for approximately $200 via criminal forums.
Employee education
With frontline bank employees now standing in cybercriminal crosshairs, it may be more important than ever for financial institutions to educate staff on the threats they may face and how to respond. The first recommendation outlined in the report was a discussion of the dangers that may await in the documents attached and links embedded within unsolicited emails. Although avoiding these basic traps has been a matter of best practice for some time, the emergence of social engineering attacks has made this vector as viable as ever for cybercriminals.
Additionally, experts preached a policy of isolation regarding payment processing systems. Managers were encouraged to ban access to email accounts and the open Internet on the computers used to initiate wire transfers. By the same token, banks maintaining BYOD (bring your own device) programs were discouraged from allowing remote workers full administrative privileges on key banking systems.
Technical intervention
Well-informed workers are a vital asset for any financial institution, but banks will also have to fight fire with fire and deploy advanced technological resources to keep hackers at bay.
"Some of the ploys are so good they could fool almost anyone – very sophisticated schemes like web injections and email from friends that lead you to open an attachment," Trusteer senior security strategist George Tubin explained in a related interview with CSO Magazine. "The real answer comes in automated technology, to make sure people don't respond to those things."
As a first step, FBI investigators recommended a systematic review of all reputation-based defense systems, application whitelists and employee credentials. Moving forward, administrators would also be wise to implement a continuous monitoring solution that keys in on after-hours employee logins and any changes made to wire transfer settings. This same technology will also be useful in highlighting a rapid influx of web traffic that could be indicative of a forthcoming DDoS attack.
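A sketch of the monitoring rule described above, added here as an illustration and not taken from the bulletin: it flags after-hours employee logins and escalates when the same account changes wire settings or approves a wire shortly afterwards. The log format, field names, event names, business hours and two-hour correlation window are all assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit log (format, users and events are assumptions).
SAMPLE_LOG = """\
2013-01-14T09:05:11 user=asmith event=login
2013-01-14T10:30:02 user=asmith event=wire_approve amount=12000
2013-01-15T02:14:07 user=jdoe event=login
2013-01-15T02:20:41 user=jdoe event=wire_limit_change old=250000 new=900000
2013-01-15T02:26:19 user=jdoe event=wire_approve amount=850000
2013-01-19T14:00:00 user=bwong event=login
"""

BUSINESS_START, BUSINESS_END = 7, 19      # assumed business hours, 07:00-19:00
SENSITIVE = {"wire_limit_change", "wire_settings_change", "wire_approve"}
WINDOW = timedelta(hours=2)               # assumed correlation window after a login

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed datetime."""
    stamp, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["time"] = datetime.fromisoformat(stamp)
    return rec

def after_hours(t):
    """True on weekends or outside the business-hours window."""
    return t.weekday() >= 5 or not (BUSINESS_START <= t.hour < BUSINESS_END)

def detect(log_text):
    """Return (severity, user, time, event) alerts, in log order."""
    alerts, last_odd_login = [], {}
    for rec in map(parse, filter(None, log_text.splitlines())):
        user, t, ev = rec["user"], rec["time"], rec["event"]
        if ev == "login" and after_hours(t):
            last_odd_login[user] = t
            alerts.append(("review", user, t, ev))
        elif ev in SENSITIVE:
            login = last_odd_login.get(user)
            if login and t - login <= WINDOW:
                # Sensitive wire action shortly after an after-hours login.
                alerts.append(("high", user, t, ev))
            elif ev != "wire_approve":
                # Any change to wire settings is worth a second look.
                alerts.append(("review", user, t, ev))
    return alerts

if __name__ == "__main__":
    for severity, user, t, ev in detect(SAMPLE_LOG):
        print(f"{severity:6} {t.isoformat()} {user} {ev}")
```

In practice the business-hours window would be set per employee or per branch, and the alerts would feed whatever case-management or SIEM queue the institution already uses.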
Security News from SimplySecurity.com by Trend Micro