Heist through the internet
According to US Attorney Loretta Lynch, “This was indeed the largest theft of this type that we have yet seen. This was a 21st century bank heist that reached through the Internet to span the globe. But, instead of guns and masks, this cybercrime organization used laptops and malware.”
According to George Tubin, Senior Security Strategist, Trusteer, “It appears the criminals in this case used advanced malware to breach the corporate network of two unnamed credit card processors that process prepaid debit card transactions. This type of breach almost always starts with an employee PC being compromised with malware in order to gain a foothold into the corporate network. Once inside the corporate network, the criminals can do what they want – and this massive heist clearly demonstrates the free reign afforded the cybercriminals to alter highly sensitive, highly protected information to ultimately steal USD45 million. Despite using market-leading endpoint and network protection solutions most large enterprises are (knowingly or unknowingly) still breached by advanced malware.”
Tubin continued, “The only way to prevent these attacks is to prevent advanced, information-stealing malware from compromising employee endpoints – the weakest link in the security chain – and then moving the attack inside the corporate network. Corporate breaches can only be prevented by stopping malicious files from invisibly sneaking onto employee computers through both unknown and unfixed software flaws (aka, vulnerabilities). Because, once malware infects the user’s computer, it’s game over.”
“While this particular crime was highly visible due to the stolen funds, many corporate breaches go unnoticed as sensitive corporate data and highly valuable intellectual property are siphoned electronically out of the corporate network”, he said.
Related reading
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more
Trusteer comment on recent USD45m ATM Cyber-Heist
Heist through the internet
According to US Attorney Loretta Lynch, “This was indeed the largest theft of this type that we have yet seen. This was a 21st century bank heist that reached through the Internet to span the globe. But, instead of guns and masks, this cybercrime organization used laptops and malware.”
According to George Tubin, Senior Security Strategist, Trusteer, “It appears the criminals in this case used advanced malware to breach the corporate network of two unnamed credit card processors that process prepaid debit card transactions. This type of breach almost always starts with an employee PC being compromised with malware in order to gain a foothold into the corporate network. Once inside the corporate network, the criminals can do what they want – and this massive heist clearly demonstrates the free reign afforded the cybercriminals to alter highly sensitive, highly protected information to ultimately steal USD45 million. Despite using market-leading endpoint and network protection solutions most large enterprises are (knowingly or unknowingly) still breached by advanced malware.”
Tubin continued, “The only way to prevent these attacks is to prevent advanced, information-stealing malware from compromising employee endpoints – the weakest link in the security chain – and then moving the attack inside the corporate network. Corporate breaches can only be prevented by stopping malicious files from invisibly sneaking onto employee computers through both unknown and unfixed software flaws (aka, vulnerabilities). Because, once malware infects the user’s computer, it’s game over.”
“While this particular crime was highly visible due to the stolen funds, many corporate breaches go unnoticed as sensitive corporate data and highly valuable intellectual property are siphoned electronically out of the corporate network”, he said.
Whitepaper
Whitepapers
The challenger banks are picking up steam. But are they safe from financial criminals?
PPROs Western Europe Payments Report
Simplicity, Automation, Transparency – the Essentials for Payments and Banking
Fighting Fraud with Distributed Ledger Technology
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more
Leave a comment
PE_sitewide_sidebar1_300x250
Featured Innovators
Events
PaymentEye_BTF_MPU_300x250