Sad Scary State of Bank Security
Who needs guns, threatening notes to rob a bank when you can do it with just your fingertips inside your home?
A hacking ring in the eastern portion of Europe may be the most successful team of bank robbers to date, having purportedly robbed $1 billion from multiple banks. This can only be done by infecting computers with malicious software (malware) and sucking out all the money.
Obviously, these hackers aren’t dumb criminals, but they also play on poor security measures of the banks. Apparently, the success of the hackers’ attack was contingent upon an employee clicking on a malicious link in an e-mail or opening a malment in the e-mail (“malment” = malicious attachment).
And that’s exactly what happened; someone fell for the oldest cyber trick in the book. This could have been prevented by not only having Microsoft updates done on a regular basis and having updated antivirus, but educating employees.
The next step in the chain reaction was the triggering of Carbanak, a virus that installs software that logs keystrokes…figuring out passwords this way. But Carbanak also captured screenshots.
How could banks let something like this happen?
Let’s Dissect this Robbery
The thieves sent out phishing e-mails—those containing malicious links or attachments—that are designed to trick people into clicking on them because the messages look legitimate. The crime ring just sat back and waited, knowing it was only a matter of time before someone clicked on one of their malments.
The keylogging gave the thieves all the information they needed to drain the banks. Boy, they sure broke in easily! All because the banks didn’t keep their devices security updated, leaving an unpatched opening—and perhaps the employee(s) who fell for the ruse were doing banking business on the same device they use for personal use—big huge mistake.
And whose fault is that? The bank’s; we can’t expect the run-of-the-mill employee to have built-in knowledge about how hacking rings work and that it’s a gateway to cyber theft if one mixes business activities and personal activities on the same computer. Learn from their mistakes. Update your devices and don’t click links in emails.