Cyber criminals actively targeting financial institutions, warns FBI
Posted on 19 September 2012.
Cyber criminals have been and are actively targeting employees of financial institutions with spam and phishing e-mails, warns the FBI-backed Internet Crime Complaint Center (IC3).


Their aim is to compromise the employees' computers via information-stealing Trojans, keyloggers and Remote Access Tools (RATs) and then use the gleaned information to access the institutions' internal networks and third party systems.

The attackers' ultimate goal is to circumvent authentication methods used by the financial institutions to deter fraudulent activity, so that they can handle all aspects of a wire transaction, including the approval.

"The unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours using the stolen financial institution employees’ credentials. These logins allowed the actors to obtain account transaction history, modify or learn institution specific
wire transfer settings, and read manuals providing information and training on the use of US payments systems," says in the advisory. "In at least one instance, actors browsed through multiple accounts, apparently selecting the accounts with the largest balance."

The attackers seem to prefer targeting small-to-medium sized banks and credit unions, although some of larger banks have been hit, as well.

The stolen information and the unauthorized access is misused to approve and cover fraudulent wire transfers, and the attackers have also been known to launch DDoS attacks against the institutions' Internet Banking websites in order to distract the personnel and prevent them noticing and blocking in time these money transfers.

The advisory also contains a number of helpful recommendations for preventing the attacks or minimizing their effects.






Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //