The escalating incidents of financial cybercrime | ALC Training News

  • No comments

On November 8, 2008, the world of financial cybercrime changed forever.

According to the Federal Bureau of Investigation (FBI), within the space of just 12 hours a team of hackers and 'cashers' – thieves employed by the hackers – targeted more than 2,100 automated teller machines (ATM) worldwide. After the electronic dust had settled, the amount of stolen funds exceeded US $9 million.

A year later, the FBI Cyber Division commented on the heist.

"It was a highly sophisticated and cleverly orchestrated crime plot," they wrote, "and unlike any we've ever seen before."

So how exactly did a team of only three 20-something European hackers in separate countries manage to pull off an attack that redefined cybercrime?

"The end user remains the weakest link in the chain during an online transaction."

The timeline of the attack

When a Moldova-based hacker discovered an exploit that enabled him to access the computer network of a credit card company, he forwarded this information to an Estonian hacker.

After investigating the weakness of the network to the exploit, the Estonian passed this information to another hacker based in Russia.

With the exploit tested, the Russian and a small team of associates compromised the network of the credit card company and began raising the withdrawal limits of prepaid payroll debit cards. After the limits had been set and card PIN codes reverse-engineered from the network, the hackers deployed their team of cashers to extract the funds from over 2,000 ATMs.

Just 12 hours later, and using only 44 cards in total, the criminal team walked away with the staggering $9 million sum.

Financial cybercrime rises

While 2008 marked the moment that cybercrime on a worldwide scale was brought to the public attention, the following years only showed an increase in financial institutions being compromised.

Recent news reports show that hackers are no longer looking at figures in the millions as a challenge. One event in Bangladesh saw a spelling error stop hackers in their tracks: the spelling of 'foundation' as 'fandation' prevented cybercriminals from stealing over US $1 billion.

With this in mind, the approach toward information security training needed to evolve with the methods employed by hackers. 

In February 2016, the Australian Communications and Media Authority (ACMA) released a warning to users of online banking software and applications indicating that hackers were using fake SMS messages to trick individuals into revealing sensitive information.

One of the most effective ways to protect yourself is to understand the use of social engineering, and how hackers deploy this tactic when committing cybercrime. 

Identifying social engineering techniques can keep your money safe.Identifying social engineering techniques can keep you safe from cybercrime.

The rise of social engineering

According to a report released by Symantec Security Systems, the number of financial malware software or trojans that were detected in 2015 decreased from 2014 by over 70 per cent. While the exact reasoning behind this remains of a mystery, improved security software has resulted in technical exploits becoming less and less viable. So who or what is the biggest risk? 

"The end user remains the weakest link in the chain during an online transaction," the Symantec report says.

Social engineering, or the psychological manipulation of another human to have them perform an action or reveal information, is one of the most effective methods used by hackers and cybercriminals in their mission to extract information or gain access to a network. 

ALC Training offers its Information Security Awareness Programme, a unique training course covering social engineering, identity theft and email-based threats including worms and viruses in attachments.

Ensuring the online security of your employees is crucial to the success and health of your network. The appropriate IT training security training course can arm your company with the tools needed to identify a cyberattack before it can compromise your system.

For more information on our information security programmes along with our extensive range of ITIL, COBIT 5 and PRINCE2 courses, reach out to ALC Training today. 

ALC Group