The Telegraph is reporting that Kaspersky Lab has uncovered “what is thought to be the biggest ever cybercrime with more than £650 million going missing from banks around the world.”

The article relates a number of methods the attackers used to steal $1 billion from more than 100 financial institutions. Our favorite was instructing ATMs to spit out cash. How did they do it? Clearly, they had to use pretty clever software and knowledge of the banks’ systems. But no matter how clever they are, the first problem is breaking into the banks’ systems. How did they infiltrate the banks? How did they learn the inner workings of the banks’ money handling systems? The Telegraph tells us:

The cybercriminals would gain entry to an employee’s system through a process called spear phishing, where they would send an email which appeared to come from a trusted source.

Once the email was opened the malware would infect their system, allowing the hacker to jump into the bank’s network.

They would then gain access to an administrator’s computer providing video surveillance of everything going on in the office.

They were able to monitor the screens of staff that serviced the cash transfer systems and after watching how they operated were able to mimic the process needed to move money around.

This is exactly the process that former FBI Agent Eric Fiterman demonstrates in our blog posting Spearphishing – The Movie.

Once again, we are reminded that deceiving users with spearphishing is an excellent means to infiltrate systems. Without SP Guard, personnel receiving spearphishing emails are left to guesswork in determining if the email should be trusted. That guesswork is made in a decision space that is manipulated by the attacker. With SP Guard installed, IT is able to provide personnel with real-time identification of trusted senders.

Users will decide which emails to trust. That decision can be guesswork or it can be guided by IT.