How Hackers Stole Millions from Banks All Over the World

The process of how cyber criminals stole millions:

First the hackers performed a phishing attack. 

They obtained the e-mail addresses of bank executives who had the authority to handle loans and transfers, and sent them an e-mail with a banking-related document attached, such as a loan or credit request. The trick was that the attachment had an attack sublayer, or malware, embedded in it. Once the bank employee opened the seemingly ordinary document, the malware was loaded and the first stage was complete.

They now had a window into the inner workings of that bank.

With their malware loaded, the blackhats could see passwords, documents, transactions and transfers. They could even find out who had the authority to approve transfers and ATM management!

The intelligence phase started.

Some examples of malware that phishers use are Anunak, ZBerp and Bredolab.

A system like ZBerp (a combination of the Zeus Trojan and the Carberp malware) has both Trojan and botnet capabilities: it can steal data submitted on a compromised system, such as HTTP forms, SSL certificates, and FTP and POP account credentials. It is usable in POS systems and banking software and is available on the Dark Web for an average of $5,000.00 per copy.

So every time the bankers processed a loan or transfer, the hackers got a complete copy of the transaction, including screenshots, passwords and processes.

Then the criminals collected.

This combined Trojan and botnet attack also allowed them to take remote control of the banks' computers and process their own nefarious transactions. The result was that the attackers could transfer money at will into fraudulent bank accounts they had created. The hackers got rich using electronic transfer methods to send money to other banks and institutions anywhere in the world.

They could send money to internet financial institutions like Bitcoin. They also attacked the banks' ATMs and directed them to dispense cash anytime they needed it, or on a one-time basis, without anyone catching them.

The recent attack on hundreds of world banks netted the hackers hundreds of millions to billions of dollars.

The Financial Services Information Sharing and Analysis Center (https://www.fsisac.com/), a nonprofit monitoring organization that alerts members and corporations like banks about hacking activity, said in a recent statement that its members received a briefing about the report in January.

The actual total of losses has been kept secret but most attacks seem to have stopped at $10M or 9.1M Euros per financial institution. The estimates have gone on to say that, potentially, billions were stolen from hundreds of banks worldwide.

It is really a simple case of low-to-no visibility, resulting in attacks and data theft.

A network security manager with total network visibility via network taps should have easily seen:

  • Data/traffic load change
  • New and aberrant outside IP addresses (foreign traffic)
  • Large file transfers carrying the screen shots and documents from inside to outside
  • Users from outside the internal secure network creating internal documents
  • Off hours of usage
  • ATM commands coming from the outside
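
Four of the signals in the list above, written as checks over flow records captured from a TAP or SPAN feed. This is an added example, not part of the original article; the record format, address ranges, thresholds and the ATM management segment are all assumptions chosen for illustration, and the sample flows are constructed.

```python
import ipaddress
from datetime import datetime

# Assumed values for illustration; tune them to the monitored environment.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ATM_NET = ipaddress.ip_network("10.50.0.0/16")   # hypothetical ATM management segment
BUSINESS_HOURS = range(7, 19)                     # 07:00-18:59 local time
LARGE_OUTBOUND_BYTES = 50 * 1024 * 1024           # 50 MiB per flow
KNOWN_EXTERNAL = {"198.51.100.10"}                # baseline of expected outside peers

# Constructed sample flow records: timestamp,src,dst,bytes
SAMPLE_FLOWS = """\
2024-01-10T10:15:00,10.1.2.3,198.51.100.10,20480
2024-01-11T02:40:00,10.1.2.3,203.0.113.77,73400320
2024-01-11T03:05:00,203.0.113.77,10.50.0.12,512
2024-01-11T11:00:00,10.1.9.9,10.50.0.12,640
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def analyze(flow_text):
    """Return [(line_no, sorted reasons)] for every flow that trips a check."""
    alerts = []
    for n, line in enumerate(flow_text.strip().splitlines(), 1):
        ts, src, dst, nbytes = line.split(",")
        when, nbytes = datetime.fromisoformat(ts), int(nbytes)
        reasons = set()
        outside = [ip for ip in (src, dst) if not is_internal(ip)]
        # New and aberrant outside IP addresses
        if any(ip not in KNOWN_EXTERNAL for ip in outside):
            reasons.add("new-external-ip")
        # Off-hours usage involving an outside peer
        if outside and when.hour not in BUSINESS_HOURS:
            reasons.add("off-hours")
        # Large transfers from inside to outside
        if is_internal(src) and not is_internal(dst) and nbytes >= LARGE_OUTBOUND_BYTES:
            reasons.add("large-outbound-transfer")
        # Traffic to the ATM segment that originates outside
        if not is_internal(src) and ipaddress.ip_address(dst) in ATM_NET:
            reasons.add("external-to-atm")
        if reasons:
            alerts.append((n, sorted(reasons)))
    return alerts

if __name__ == "__main__":
    for line_no, reasons in analyze(SAMPLE_FLOWS):
        print(line_no, ", ".join(reasons))
```

The first and last sample flows pass every check: one goes to a baselined peer during business hours, the other reaches the ATM segment from an internal host.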

Also, physical discovery methods should have played a bigger role. A regular audit of fund transfers would show unusual transfers.

Here is another real-world situation where network managers needed real visibility into their network, and the success of the hackers shows empirically why network visibility is not a nice-to-have but a need-to-have.

Remember – it is not “if” you will be attacked but “when” you will be attacked. Are you ready to see the aberrant network behavior brought on by an attack or are you willing to just ignore and allow an unanswered attack on your network? 

Written by Tim O'Neill

As the Senior Technology Consultant & Chief Editor at LoveMyTool, Tim O’Neill has over 45 years of technology experience at data/voice and video networking analysis companies, including successful senior roles in Sales, Product Design, Marketing Management, Business Development and Security.
