Recently, news reports indicated that a group of hackers called Carbanak invaded more than 100 worldwide banks in 30 different countries that included China, the Russia and the United States. The cybercriminals successfully removed $1 billion. The New York Times described the assault as "one of the largest bank thefts ever." Some believe that early detection methods and routine penetration testing may have minimized the damage.
[ibimage==45125==Original==none==self==null]
How the Attack Occurred
The unscrupulous plan involved sending phishing emails to bank employees, which enticed the individuals to click on a provided link. Once activated, the criminals had administrative access to the portals of the banks that received the emails. The hackers then monitored facilities and located the information that they sought. In this case, the data included the methods of how the banks performed transactions and getting access to individual accounts. Investigators reported that the group limited their take to approximately $10 million and then moved onto the next institution. The hackers continued the activity undetected for two years.
Though most people consider $10 million a sizable amount of money, the accounting systems of large banks did not notice. One of the methods used involved falsifying records by increasing the amounts that certain accounts held. The criminals then skimmed substantial amounts of money from the accounts. They then changed the accounts back to display the actual amounts held. They also infiltrated ATM machines and had mules on location to acquire the cash as it was dispensed. The monies accumulated were then deposited in various other institutions.
Preventing Further Devastation
The IT security experts at FireEye report that the average time between an invasion and company detection spans more than 200 days. This provides hackers with plenty of time to obtain crucial information or monies and leave the scene. Corporations need to accept the fact that intrusions will occur. It is just a matter of time. While many feel that stepping up the security credentials of institutions remains important, others hold a different opinion. Chicago-based IT security and Rippleshot Marketing Director Kaleigh Simmons was interviewed about the incident and believes that developing and utilizing better detection methods is vital. Improved detection methods may include:
* Unscheduled internal and external audits
* Implementing AIS software
* Employee monitoring
* Investigating customer complaints
* Performing financial statement analysis
* Monitoring for exceptions
Penetration testing is another method of prevention that evaluates the environment, user input and internal data and logic systems where security issues often exist. The service tests the computer system, network or online applications to uncover possible vulnerabilities that hackers use to gain access. Penetration tests are performed using software or by manual assessments. If corporations detected vulnerabilities and intrusions faster, they could save millions in customer service, card re-issuing fees and fraudulent charges if discovering the incident in the initial stages of the attack.
