The National Bank of Blacksburg lost $2.4 million in a series of cyber-attacks that affected the firm’s STAR ATM and debit networks after an employee fell for a phishing scam email, allowing hackers to compromise the firm’s internal networks.

According to The National Bank’s latest earnings statement, the firm was hit by two separate cyber-attacks, in May 2016 and January of 2017. During this time, hackers managed to infiltrate an internal workstation by leveraging a phishing email and a weaponized Microsoft Word document. The intruders were then able to install malware and locate a machine on the network that had access to the STAR network.

STAR allows U.S. banks to give their customers access to debit card and ATM transactions. According to court documents, with access to the network, intruders were able to “change customer account balances, monitor network communications, remove critical security measures, conduct keystroke tracking, and enter and/or change electronic data and computer programs on National Bank’s computer systems, which allowed the attackers to illegally withdraw funds from accounts belonging to National Bank customers, post fake deposits and remove illegal transactions from customer accounts”.

Hackers were able to make withdrawals at hundreds of ATMs, leading experts to believe this was a highly coordinated attack.

The bank has since filed a claim with its insurance carrier Everest National Insurance Company over coverage of losses. Everest determined that both security incidents should be treated as one intrusion, limiting National Bank’s liability for losses to a maximum of $500,000 total.

Hackers have been targeting interbank and multi-bank infrastructures for quite some time now. Some of the most recent attacks include the infamous Bangladesh Central Bank robbery of 2016, which targeted the SWIFT network and allowed hackers to steal $81 million, and the more recent attack at Banco de Chile, where hackers managed to get away with $10 million.

To combat this growing threat, financial institutions must ensure hardening measures and user access controls are being enforced, and also introduce solutions that can detect the presence of malware. Any configuration drift or breach activity needs to raise an alert in real time to ward off threats and potentially catastrophic damage. While all compliance and regulatory standards require a hardened build standard, control of user rights and change control, attention is too focused on fighting external threats when the internal threat is potentially more significant.

It’s important to note that these kinds of attacks require specialized knowledge to understand how activity is logged and what steps must be taken to manipulate and purge the logs. So, where available, hackers turn to malicious insiders to make the attack even easier and generally more worthwhile.

File Integrity Monitoring is proven to drastically decrease the risk of security breaches, raising an alert related to any change made in core file systems or configuration settings. The potential breach is detected regardless of whether it’s been instigated by an insider or an unwittingly phished employee.
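The baseline-and-compare check that File Integrity Monitoring rests on, shown as an added example that is not NNT's product code or part of the original article. The `snapshot`, `drift` and `demo` functions, the file names and the sample tree are all hypothetical and constructed for illustration:

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # regular files only
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[str(path.relative_to(root))] = (digest, path.stat().st_mode & 0o7777)
    return state


def drift(baseline, current):
    """Return sorted (event, path) alerts for every deviation from the baseline."""
    alerts = []
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            alerts.append(("added" if old is None else "removed", path))
            continue
        if old[0] != new[0]:
            alerts.append(("content-changed", path))
        if old[1] != new[1]:
            alerts.append(("mode-changed", path))
    return sorted(alerts)


def demo():
    """Constructed sample tree: baseline it, alter it, return the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        conf = root / "limits.conf"            # hypothetical config file
        conf.write_text("daily_limit=500\n")
        conf.chmod(0o640)
        (root / "audit.log").write_text("constructed log entry\n")
        baseline = snapshot(root)              # approved, known-good state
        conf.write_text("daily_limit=999999\n")             # setting altered
        conf.chmod(0o666)                                   # permissions loosened
        (root / "audit.log").unlink()                       # log purged
        (root / "dropped.bin").write_text("unapproved\n")   # new file appears
        return drift(baseline, snapshot(root))


if __name__ == "__main__":
    print(*(f"ALERT {event}: {path}" for event, path in demo()), sep="\n")
```

The comparison alerts on the change itself, so the result is the same whether an insider or a phished workstation made it; in practice the baseline has to be stored where the monitored host cannot rewrite it.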

 
