The infamous Carbanak cybergang was uncovered in 2015 after its members had stolen more than $1 billion from over 100 banks worldwide. Notably, the group began each cyber-heist with a simple spear phishing attack aimed at individual employee computers.
All it took for the heist to work was one employee clicking on an infected email link or attachment. This click would inject malware into that one computer; the malware, in turn, infiltrated the internal network and installed information-gathering spyware on administrative computers. From there, it was relatively simple for the attackers to mimic the bank clerks’ activities, allowing them to hijack e-payment systems, inflate internal account balances and even program ATMs to dispense cash.
Fiendishly clever? Yes. Surprisingly easy for the thieves to execute? Yes, again. Let’s look at some lessons your credit union can learn from such a simple but effective attack.
We want to note that we believe in the points we are about to make in this article because we practice them ourselves. At PSCU and its consulting group, Advisors Plus, we emphasize employee education, implement proper vendor controls and create easily understood information protection policies. Each of these has proven to be a cost-effective, common-sense way to protect information and financial assets.