FBI warns financial institutions are being highly targeted by fraudsters

The FBI today said cybercriminals have recently stepped up efforts to steal money and gain access to banks and other financial institutions using spam, phishing emails, keystroke loggers and Remote Access Trojans (RAT).

Specifically, the fraudsters are looking to compromise financial institution networks and obtain employee login credentials. The stolen credentials are used to initiate unauthorized wire transfers overseas. The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the criminals raised the wire transfer limit on the customer's account to allow for a larger transfer. In most of the identified wire transfer failures, the perpetrators were only unsuccessful because they entered the intended account information incorrectly, the FBI stated.

In the bank fraud, the FBI said cybercriminals "used spam and phishing e-mails to target their victims. Once compromised, keyloggers and RATs installed on the financial institution employee's computer provided the attackers with complete access to internal networks and logins to third party systems. Variants of Zeus malware were used to steal the employee's credentials in a few reported incidents. In some instances, the [attackers] stole multiple employee credentials or administrative credentials to third party services and were able to circumvent authentication methods used by the financial institution(s) to deter fraudulent activity. This allowed the intruders to handle all aspects of a wire transaction, including the approval. The unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours using the stolen financial institution employees' credentials. In at least one instance, attackers browsed through multiple accounts, apparently selecting the accounts with the largest balance."

The FBI made a number of recommendations for financial institutions to help prevent security problems:

• Educate employees on the dangers associated with opening attachments or clicking on links in unsolicited emails.

• Do not allow employees to access personal or work emails on the same computers used to initiate payments.

• Do not allow employees to access the Internet freely on the same computers used to initiate payments.

• Do not allow employees to access administrative accounts from home computers or laptops connected to home networks.

• Ensure employees do not leave USB tokens in computers used to connect to payment systems.

• Review anti-malware defenses and ensure the use of reputation based content and website access filters.

• Ensure that workstations utilize host-based IPS technology and/or application whitelisting to prevent the execution of unauthorized programs.

• Monitor employee logins that occur outside of normal business hours.

• Consider implementing time-of-day login restrictions for the employee accounts with access to payment systems.

• Restrict access to wire transfer limit settings.

• Reduce employee wire limits in automated wire systems to require a second employee to approve larger wire transfers.

• If wire transfer anomaly detection systems are used, consider changing "rules" to detect this type of attack and, if possible, create alerts to notify bank administrators if wire transfer limits are modified.

• Secure and/or store manuals offline or restrict access to the training system manuals with further security, such as enhanced access controls and/or segregation from the payment systems themselves.

• Monitor for spikes in website traffic that may indicate the beginning of a DDoS and implement a plan to ensure that when potential DDoS activity is detected, the appropriate authorities handling wire transfers are notified so wire transfer requests will be more closely scrutinized.

• Strongly consider implementing an out of band authorization prior to allowing wire transfers to execute.

• Limit systems from which credentials used for wire authorization can be utilized.

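Three of the monitoring recommendations above (off-hours logins, alerts on wire limit changes, and a second approver for larger wires) can be expressed as detection rules over a payment system's audit log. The following is an added example, not part of the FBI advisory or the original article; the event field names, business hours, dollar threshold and sample events are all constructed assumptions.

```python
from datetime import datetime, time

# Assumed policy values (hypothetical, not taken from the FBI advisory).
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
DUAL_APPROVAL_THRESHOLD = 100_000  # USD; wires at or above this need a second employee

# Constructed sample events from a hypothetical wire system audit log.
EVENTS = [
    {"ts": "2024-01-08T09:15:00", "user": "alice", "action": "login"},
    {"ts": "2024-01-08T10:02:00", "user": "alice", "action": "wire_initiate", "wire_id": "W1", "amount": 250_000},
    {"ts": "2024-01-08T10:20:00", "user": "bob", "action": "wire_approve", "wire_id": "W1"},
    {"ts": "2024-01-10T02:41:00", "user": "carol", "action": "login"},
    {"ts": "2024-01-10T02:47:00", "user": "carol", "action": "limit_change", "account": "ACCT-1", "new_limit": 1_000_000},
    {"ts": "2024-01-10T02:52:00", "user": "carol", "action": "wire_initiate", "wire_id": "W2", "amount": 900_000},
    {"ts": "2024-01-10T02:55:00", "user": "carol", "action": "wire_approve", "wire_id": "W2"},
]

def off_hours(ts):
    """True if the timestamp falls on a weekend or outside business hours."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)

def detect(events):
    """Return (timestamp, rule, user) alerts for the three monitored conditions."""
    alerts, wires = [], {}
    # ISO 8601 timestamps sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user, action = datetime.fromisoformat(ev["ts"]), ev["user"], ev["action"]
        if action == "login" and off_hours(ts):
            alerts.append((ev["ts"], "OFF_HOURS_LOGIN", user))
        elif action == "limit_change":
            # Every wire limit change is alerted, regardless of who made it.
            alerts.append((ev["ts"], "WIRE_LIMIT_MODIFIED", user))
        elif action == "wire_initiate":
            wires[ev["wire_id"]] = (user, ev["amount"])
        elif action == "wire_approve":
            initiator, amount = wires.get(ev["wire_id"], (None, 0))
            # A large wire approved by the employee who initiated it had no second approver.
            if amount >= DUAL_APPROVAL_THRESHOLD and initiator == user:
                alerts.append((ev["ts"], "NO_SECOND_APPROVER", user))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```
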
Follow Michael Cooney on Twitter: @nwwlayer8 and on Facebook.

Read more about wide area network in Network World's Wide Area Network section.
