According to the New York Times, hackers have made off with millions of dollars in one of the largest bank hacks in history. The majority of the targets were in Russia, but banks in Japan, the United States and Europe were also targeted.
The banks’ internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record employees’ every move.
The cybercriminals sent their victims infected emails, using a news clip, URL or message that appeared to come from a colleague to bait them (a.k.a. phishing). When the employee clicked on the email, malware was installed that allowed the hackers to crawl across a bank’s network until they found employees who administered the cash transfer systems or remotely connected ATMs.
Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever. “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” said a cybersecurity expert with Kaspersky.
So far, no bank has come forward acknowledging the theft — an issue President Obama addressed in a recent speech at Stanford University, where he urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.
This most recent hack is further proof that employees are a key link in the security of a business’ technology infrastructure and company data. The effort to create a security-aware culture must include everyone in the company. Teaching employees to be aware of an organization’s security requirements can be one of the most effective ways to enhance the company’s overall security posture. Without end-user training on security best practices and policies, it is impossible to secure your information resources or ensure data privacy.
ACE IT Solutions’ security awareness training is designed to reduce exposure of sensitive information and infection by malware, viruses, spyware, etc., and addresses email security, smart internet browsing, phishing, and cookies. Contact us for more details on our security awareness training for employees.