News | February 16, 2015

Billion Dollar Cyberheist Caused By Phish-Prone Employees

map

KnowBe4 urges US institutions to take effective action to train employees before they fall victim to phishing attacks

In what appears to be one of the largest and most highly sophisticated cyberheists ever, more than 100 financial institutions in 30 countries have been the victim of a cyberheist that lasted in some cases nearly 2 years.  Most of the banks that were hit are in Russia, but also include banks in Japan, Europe, and the United States. The gang appears to be the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China. Kaspersky could not release the names of the banks because of nondisclosure agreements. The Times said that The White House and FBI have been briefed on Kaspersky Lab's findings, and Interpol is coordinating an investigation.

Kevin Mitnick, KnowBe4's Chief Hacking Officer said, "Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent."

KnowBe4’s CEO Stu Sjouwerman stated, “While this cyberheist is considered very sophisticated, spear-phishing is one of the most preventable and affordable. You would expect the finance industry to set the bar very high and have employees trained within an inch of their lives not to fall for such an attack. We would highly encourage financial institutions to take a look at their training methods and beef them up accordingly. ”

The gang responsible for this has been dubbed the “ Carbanak cybergang" because of the name of the malware they used. As reported by the NY Times on Saturday, February 14th, the gang managed to stay under the radar and inside bank networks by sending spear-phishing emails to employees containing infected attachments which were opened, infecting the workstation.

Once access was provided the gang tunneled into the network and found employees who were in charge of cash transfer systems or ATMs. Next they installed a remote access Trojan, which gave them full access so they could study what these key employees did. At that point they were able to tell ATMs to dispense cash or transfer larger amounts to accounts all over the world. It appears that well over 100 bank networks (that we know of) have been penetrated for years, and the attacks may still be happening.

According to reports from the Times, one Kaspersky client lost $7.3M through A.T.M. withdrawals alone, while another lost $10M from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.

Chris Doggett, of Kaspersky North America, said: "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

According to Dutch securify firm Fox-IT, Carbanak is the same group that was uncovered by Group-IB and Fox-IT in a Dec. 2014 report which referenced the attackers as the “Anunak hackers group” which stole reams of data from Staples, Sheplers and Bebe.

Sjouwerman offered, “Security Awareness Training is really needed for every employee in any organization, not just banks. It allows you to put in place a more effective human firewall and protect your corporate and financial assets.”

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses. For more information, visit www.knowbe4.com

About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authoreIn cd three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

SOURCE: KnowBe4, LLC