Russian Sucurity company Kaspersky, and the Dutch consultancy Fox-IT, have reviealed the existance of a Bank scam whereby it is estimared that about $1 Bln have been siphoned off.
Roughly 100 Banks mostly though Russia, China and Ukraine, but also UK and USA, are said to have been affected. The initial hack has been deterined to have been purpurtrated via malware likeley to have been transmitted in unsolicited or fraudulent emails. Once the malware had been unitentionally installed by bank staff it allowed the hackers remote access to Banks networks so they could transfer funds to bogus accounts that had been setup remotely. The frauds were also enacted by remote manipulation of ATM machines, which could be set to spout cash like waterfallls into the hands of waiting accomplices.
The attack have been facilitated by the lack of cyber secuity awareness on the part of the Banks and their personel at all levels including their IT staff. Effective spam filters should be in place stopping the majority of unwanted emails, anti-virus software at all computers and servers involved should be uptodate including malware filters blocking suspicious and fraudulent but genuine looking websites, operating systems should be modern and secutrity flaws patched uptodate. Further than this one would expect network monitoring and Intruder Detection sytems to be in place. But most critical is the awareness and security training of the front line staff involved.
One would expect that recognising their high attack profile Banks were amoung the leaders in cyber protection, not amoung the lagards. ATMs still using out of date Windows XP is a very unfunny joke.
No comments:
Post a Comment