The National Bank of Blacksburg lost $2.4 million in a series of cyber-attacks that affected the firm’s STAR ATM and debit networks after an employee fell for a phishing scam email, allowing hackers to compromise the firm’s internal networks.
According to The National Bank’s latest earnings statement, the firm was hit by two separate cyber-attacks, in May 2016 and January 2017. During this time, hackers managed to infiltrate an internal workstation by leveraging a phishing email and a weaponized Microsoft Word document. The intruders were then able to install malware and locate a machine on the network that had access to the STAR network.
STAR allows U.S. banks to give their customers access to debit card and ATM transactions. According to court documents, with access to the network, intruders were able to “change customer account balances, monitor network communications, remove critical security measures, conduct keystroke tracking, and enter and/or change electronic data and computer programs on National Bank’s computer systems, which allowed the attackers to illegally withdraw funds from accounts belonging to National Bank customers, post fake deposits and remove illegal transactions from customer accounts”.
Hackers were able to make withdrawals at hundreds of ATMs, leading experts to believe this was a highly coordinated attack.
The bank has since filed a claim with its insurance carrier Everest National Insurance Company over coverage of losses. Everest determined that both security incidents should be treated as one intrusion, limiting National Bank’s liability for losses to a maximum of $500,000 total.
Hackers have been targeting interbank and multi-bank infrastructures for quite some time now. Some of the most recent attacks include the infamous Bangladesh Central Bank robbery of 2016, which targeted the SWIFT network and allowed hackers to steal $81 million, and the more recent attack at Banco de Chile, where hackers managed to get away with $10 million.
To combat this growing threat, financial institutions must ensure that hardening measures and user access controls are enforced, and must also introduce solutions that can detect the presence of malware. Any configuration drift or breach activity needs to be alerted on in real time to ward off threats and potentially catastrophic damage. While all compliance and regulatory standards require a hardened build standard, control of user rights and change control, the focus is too much on fighting external threats when the internal threat is potentially more significant.
It’s important to note that these kinds of attacks require specialized knowledge of how activity is logged and of what steps must be taken to manipulate and purge the logs. So, if at all available, hackers turn to malicious insiders to make the attack even easier and generally more worthwhile.
File Integrity Monitoring is proven to drastically decrease the risk of security breaches, raising an alert related to any change made in core file systems or configuration settings. The potential breach is detected regardless of whether it’s been instigated by an insider or an unwittingly phished employee.
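A minimal sketch of the baseline-and-compare idea behind File Integrity Monitoring described above, added here as an illustration; it is not NNT's product or code from the article. The function names (`snapshot`, `drift`, `demo`) and the sample files are constructed for the example.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Map relative path -> (sha256, mode, uid, gid) for each regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks, sockets and devices are skipped
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[str(path.relative_to(root))] = (
            digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def drift(baseline, current):
    """Compare two snapshots and return sorted (event, path) alerts."""
    alerts = []
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old is None:
            alerts.append(("added", path))
        elif new is None:
            alerts.append(("removed", path))
        elif old[0] != new[0]:
            alerts.append(("content_changed", path))
        elif old[1:] != new[1:]:
            alerts.append(("metadata_changed", path))
    return sorted(alerts)

def demo():
    """Constructed config tree, changed four ways; returns the resulting alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, text in {"sshd_config": "PermitRootLogin no\n", "app.conf": "debug=false\n",
                           "audit.rules": "-w /etc -p wa\n"}.items():
            (root / name).write_text(text)
            (root / name).chmod(0o600)
        baseline = snapshot(root)
        before = (root / "sshd_config").stat()
        (root / "sshd_config").write_text("PermitRootLogin yes\n")
        # mtime put back: a timestamp-only check misses this edit, the hash does not
        os.utime(root / "sshd_config", ns=(before.st_atime_ns, before.st_mtime_ns))
        (root / "audit.rules").unlink()
        (root / "app.conf").chmod(0o666)
        (root / "new_task").write_text("constructed\n")
        return drift(baseline, snapshot(root))

if __name__ == "__main__":
    print(*(f"ALERT {event}: {path}" for event, path in demo()), sep="\n")
```

In practice the baseline itself has to be stored where the monitored host's users cannot rewrite it, otherwise a change and its matching baseline update go unnoticed together.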