This series focuses on how small to mid-sized enterprises manage common threats within a 24-hour period. In this installment, we learn how one SME fixes its online transaction attack crisis and prevents future ones from happening.
Joe Green, comptroller at Epic Money Loss Recording Studios, arrived at work and immediately started preparing for his busy day. Payday occurred two days ago, and Joe wanted to make sure the transaction had gone smoothly so he logged on to his business’ bank account and verified the balance.
Something was amiss. His account was $46,570 short. Immediately he contacted his bank with the discrepancy, and after a long conversation they began the process of recovering the stolen money.
The process involved getting a hold of each bank that received the stolen funds. (In this case, the money was split between nine thieves, so nine banks had to be contacted.) While Joe’s bank was quick to help out, the other banks weren’t as helpful.
’It was so frustrating, there were all these forms that had to be filled out and faxed back to each bank—who even uses fax machines anymore?’ Joe said. ’And the forms all asked the same questions but had to be filled out each time by hand; it sidetracked my entire day.’
In the end, even with Joe quickly determining the problem and his swift action, he was only able to recover $37,000 of the stolen money.
Recovering the money however was not Joe’s top priority. He found it even more important to make sure that it never happened again. Through his investigation, he realized that the mighty ZeuS Trojan had breached his work computer’s security defenses; and, an hour after making payroll two days before, thieves had logged into Joe’s bank again, through his computer.
The hackers poked around a bit, casing the joint. They looked at recent transactions, found trends in Joe’s banking activities and logged back out. Then they waited a day; there was no hurry, they had plenty of other safes to crack.
The next day, the thieves logged back in and thoughtfully expanded Joe’s business by creating nine new employees, paying them a total of $57,000. They made sure to intercept and delete all of the confirmation emails from the bank that were sent to Joe’s work email account (on his work computer, that was currently breached), and then they logged back out and disappeared (without a trace). The $57,000 was distributed amongst money mules and the thieves sat back to await the influx of their ill-gotten gains.
As clearly demonstrated by Joe, it is not sufficient to rely on the banks authentication procedures to secure online transactions. Many exploits make use of a simple keystroke logger and remote access to allow a direct connection to a computer that is already ’trusted’ on the bank’s website. Other exploits allow users to piggyback onto a user’s secure connection and remain connected after he or she logs off. The need for increased security protocols exists not only with the bank or the business; it lies at the consumer level as well.
Here are some recommendations:
Banks, financial institutions, vendors, merchants, and all organizations involved in online merchandising are finding an increased need to ensure their transactions are secure. It is equally important for their clients to secure their equipment themselves. Hackers, like all other predators will attack the weakest prey. Keep your security measures strong so they have to find another victim.
By Nathan Darling