Sign Designs, Inc. in Modesto, CA, lost nearly $100,000 when cyber thieves used the company’s credentials to log into its online banking account and initiate a series of transfers to 17 accomplices around the country. Ferma Corp., a Santa Maria demolition company, discovered in July that $447,000 had been taken from its bank account. Security Fix reported that it wasn’t Ferma’s own bank that notified the company; it was a financial institution at which several of the mules (accomplices) had recently opened accounts. Ferma was able to work with that bank and stop at least $232,000 worth of bogus transfers. Reports of this incident state that Ferma’s bank is holding back the money it recovered until Ferma signs a document agreeing not to sue for the remaining losses. It turns out that the two-factor authentication used by Ferma’s bank was not able to stop the thieves: malware operating on the customer’s own computer acts inside a session the legitimate user has already authenticated, so a second factor at login does nothing to stop the transfers that follow. More victims of this scheme say they are in the process of suing their banks for not stopping the transfers. It is easy to understand why banks and their business customers are at odds over who is culpable for these thefts.
One of the largest thefts identified so far was reported by Unique Industrial Product Co., a Sugar Land, Texas-based plumbing equipment supply company. Cyber thieves stole $1.2 million when attackers used malware planted on its computers to initiate 43 transfers out of the company’s account within 30 minutes. Unique Industrial was fortunate: the company spotted the fraud quickly, and its bank was able to recover all but $190,000 of the stolen money.
Businesses aren’t the only targets. These cyber crooks are also going after public and private schools. The Western Beaver School District outside of Pittsburgh, PA, had $704,610 transferred out of the district’s account at ESB Bank in 74 separate transactions. It was reported that malware installed on the superintendent’s computer tricked the bank’s system into authorizing the series of money transfers. It is alleged that the bank processed the last 19 transfer requests three days after it knew of the scheme and had been told by the district’s superintendent to stop. The school district is suing ESB to recover its loss. In August, hackers also broke into the Sanford School District in Colorado and set in motion a series of $10,000 withdrawals from the district’s payroll account, totaling $117,000 before an employee noticed the phony payments. The Sand Springs, Oklahoma, school district also suffered a series of bogus payroll payments totaling more than $150,000. And at Marian University, a Catholic university in Wisconsin, the thieves stole more than $189,000 disguised as payroll transfers.
Unfortunately, the list of victims is growing because these reportedly Eastern European cyber criminals are finding it easy to get their hands on your money. Ask yourself whether your security architecture is protecting your company’s critical business processes.
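Every case above has the same shape: a burst of transfers, often for similar amounts, to payees the account has never paid before, completed within minutes or hours. A business does not have to wait for its bank to notice that pattern. The following Python script is an added example, not code from NCX Group or from any of the banks or victims named in this article; it runs simple velocity limits over a constructed transfer ledger and flags any transfer that, together with the others in the preceding 30 minutes, exceeds a count, new-payee, or dollar threshold. The ledger rows, payee identifiers, and thresholds are all invented for illustration and should be tuned to an account’s real payment history.

```python
"""Velocity checks for outbound transfers from a business bank account.

Added example for this article; not NCX Group code. The ledger, payee IDs
and thresholds below are constructed for illustration only.
"""
import csv
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO

# Review window and thresholds (assumed values; tune to the real account).
WINDOW = timedelta(minutes=30)
MAX_TRANSFERS = 5          # more than this many transfers per window
MAX_NEW_PAYEES = 2         # more than this many first-time payees per window
MAX_WINDOW_TOTAL = 50_000  # more than this many dollars per window

# Payees this account has paid before (constructed).
KNOWN_PAYEES = {"VENDOR-001", "VENDOR-002", "PAYROLL-PROCESSOR"}

# Constructed ledger export: two routine payments, then a burst of
# just-under-$10,000 transfers to never-before-seen accounts, then a
# routine payment in the afternoon.
SAMPLE_LEDGER = """\
timestamp,payee,amount
2009-08-03T08:05:00,VENDOR-001,4200.00
2009-08-03T08:40:00,PAYROLL-PROCESSOR,18750.00
2009-08-03T09:00:00,ACCT-71021,9800.00
2009-08-03T09:02:00,ACCT-55873,9950.00
2009-08-03T09:04:00,ACCT-90412,9700.00
2009-08-03T09:06:00,ACCT-33190,9900.00
2009-08-03T09:09:00,ACCT-64007,9850.00
2009-08-03T09:12:00,ACCT-12788,9600.00
2009-08-03T14:30:00,VENDOR-002,1275.00
"""


@dataclass(frozen=True)
class Transfer:
    when: datetime
    payee: str
    amount: float


def parse_ledger(text):
    """Parse a CSV ledger export into Transfer records sorted by time."""
    rows = [
        Transfer(datetime.fromisoformat(r["timestamp"]), r["payee"], float(r["amount"]))
        for r in csv.DictReader(StringIO(text))
    ]
    return sorted(rows, key=lambda t: t.when)


def velocity_alerts(transfers, known_payees):
    """Return one alert per transfer that trips a threshold within WINDOW.

    Each alert is a dict with the transfer's timestamp, payee, and the list
    of reasons (in the order transfer_count, new_payees, window_total).
    """
    seen = set(known_payees)
    window = deque()          # (transfer, is_first_time_payee) within WINDOW
    alerts = []
    for t in transfers:
        is_new = t.payee not in seen
        seen.add(t.payee)
        window.append((t, is_new))
        # Drop anything older than WINDOW relative to the current transfer.
        while t.when - window[0][0].when > WINDOW:
            window.popleft()
        count = len(window)
        new_payees = sum(1 for _, n in window if n)
        total = sum(x.amount for x, _ in window)
        reasons = []
        if count > MAX_TRANSFERS:
            reasons.append("transfer_count")
        if new_payees > MAX_NEW_PAYEES:
            reasons.append("new_payees")
        if total > MAX_WINDOW_TOTAL:
            reasons.append("window_total")
        if reasons:
            alerts.append({"when": t.when.isoformat(), "payee": t.payee,
                           "amount": t.amount, "window_total": total,
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in velocity_alerts(parse_ledger(SAMPLE_LEDGER), KNOWN_PAYEES):
        print(f"HOLD {a['when']} {a['payee']} ${a['amount']:,.2f} "
              f"window=${a['window_total']:,.2f} reasons={','.join(a['reasons'])}")
```

On the constructed ledger the first two payments pass, the third new payee at 09:04 trips the new-payee limit, and from 09:06 onward the dollar total and transfer count trip as well, so the burst is flagged four transfers in rather than after all forty. A flagged transfer should be held for out-of-band confirmation (a phone call to a number on file, not an e-mail to the requesting account), since the same machine that initiated it may be the one under the attacker’s control.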
Besides adopting strong authentication, NCX highly recommends segregating the computers used for online banking. A dedicated, stand-alone system, isolated from your local network and never used for day-to-day e-mail or web browsing, greatly reduces exposure to the Trojans described here. We also recommend using an alternative operating system for financial account access. Minimize your exposure to vulnerabilities by keeping your software current and updating your antivirus daily, so that malware cannot take hold through a flaw for which a patch already exists. Role-based access control and data classification rules also play a key role in securing high-risk transactional workstations and servers.
If users notice unusual lag on the business banking site, or the site reports that it is down for maintenance, notify your bank immediately. Keylogging software may be active, and the machine should be examined forensically for the banking Trojan “Clampi” or its variants. The Trojan horse program known as “Zeus” may also be the cause; it alters the display of a bank’s login page while the user is entering credentials. The user is typically shown a duplicate, non-authentic page that explains the site is down and suggests trying again in 15 minutes. By the time the user tries again, the crooks have already intercepted the credentials and “raided” the bank account. Do not test the situation by re-entering credentials on the same machine; call the bank at a number taken from a statement or card, not from the page being displayed.
Advise your users to be cautious and alert them to this dangerous trend. NCX is ready to assist you in any forensic discovery.
For a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.
NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.