Hackers Use Patience, Persistence and Patsies to Fleece Banks for Hundreds of Millions
Banks and other financial institutions will always hold special allure for hackers, and with the exposé published in The New York Times last week, it looks like at least one organized group of cyber criminals has had great success plying their trade against them. GDF’s founder talks about the importance of social engineering awareness and stresses the necessity to test for resident threats early and often to help guard against threats like these.
Last weekend, on Valentine’s Day, The New York Times reported on revelations made by a prominent Russian security firm about an organized cybercrime ring, dubbed the “Carbanak cybergang,” which the firm claims conducted a sophisticated long-term cyber-heist involving over 100 banks and financial institutions in over 30 countries, with a haul estimated to be anywhere in the range of $300 million to triple that figure.
“It sounds like something out of a Hollywood script,” says Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, “but when you consider most of the world’s wealth today exists exclusively in 1s and 0s, is it really any wonder there are thieves out there licking their chops and hatching sophisticated plans to get their hands on some of it, and that there are some with the skills and determination to see it through? The truth is the balance always tilts towards the attacker in the cyber world – security personnel have millions of holes to plug, but attackers only need to find one.”
The lure of easy money never fades
“Turning data into cash is typically not instantaneous for hackers,” says Caruso, “buyers have to be found, currency has to get exchanged, and it all has to be done while remaining anonymous to avoid detection at every step. But if hackers can heist hard currency straight from a golden goose and remain undetected, that’s like hitting the mega jackpot, with free pulls again the next day. These kinds of thieves don’t need to figure out how to lug gold bars out of a vault, they just need to manipulate data the right way and presto, they can just have the bank deliver it to their account, or better yet, just start spitting it out in cash at an ATM whenever they’re ready for it, all without tripping a single alarm. But before any of that black magic can happen, a few things are needed.”
Even the most sophisticated cyber attacks usually have humble beginnings
“First and foremost, attackers need to find a way to get their foot in the door, and they have two choices,” says Caruso. “Either they can try to wade their way through a tangled web of stiff security measures, or they can find a human patsy to fool into unwittingly giving them the keys to the castle so they can walk right in the front gate. That’s what makes social engineering attacks like phishing and spear phishing campaigns so dangerous for organizations and so preferred by hackers, it only takes one person on the inside to bite on the bait and the enemy is in, doing reconnaissance and laying the groundwork for a large-scale attack. From there it’s all about stealth, persistence and patience.”
“Our vulnerability assessments and penetration testing plans are designed to find weak links in the security chain, raise awareness enterprise-wide against social engineering ploys hackers commonly rely on, and uncover any existing and/or resident threats and thoroughly eradicate them, all with an eye on the appropriate regulatory compliance issues many clients face in their industries, like GLB (Gramm-Leach-Bliley) compliance for the financial industry for instance. From proactive solutions to help thwart today’s cyber threats, to a proven track record as emergency incident responders, we certainly have plenty of experience helping financial clients navigate not only the dangerous cyber threat landscape they face on a daily basis, but all the potential pitfalls and headaches that can arise should the unthinkable happen and a breach is successful. We can customize solutions to fit any client’s real needs, it’s just a matter of picking up the phone to get the ball rolling – with sooner being far better than later when it comes to combatting cyber threats.”
GDF can help
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.