FBI Warns of Online Crooks Attacking Bank Computers for Illicit Wire Transfers
The United States Federal Bureau of Investigation is warning about online attackers who are targeting computers belonging to credit unions and banks in order to send illegitimate wire transfers worth several thousand dollars to foreign countries, thehill.com reported on September 18, 2012.
In a fraud alert issued on September 17, 2012, the bureau says it has detected a new trend in which online crooks use common intrusion methods such as keystroke loggers, spear-phishing or spam emails to compromise the PC accounts of bank employees and then capture their login details. Once captured, these login details let the attackers get into the internal networks of different banks, as well as the systems of intermediary parties, and subsequently carry out illegal wire transfers.
Also according to the FBI, the unauthorized wire transactions have been between USD400K (EUR320K) and USD900K (EUR720K), with the victims generally being small and medium-sized credit unions or banks, although the fraudulent operations target some of the big players too.
In a few of the incidents, the victim financial institutions reportedly experienced DDoS attacks both before and after the unauthorized transactions. These attacks hit the targets' Internet banking or public websites with the aim of distracting attention from the main intrusion. One botnet through which such attacks were performed is "Dirtjumper", a toolkit for building crimeware that is sold on criminal websites at a price of USD200 (EUR160).
To avert such incidents, which can disrupt the operation as well as the trustworthiness of credit companies and banking institutions, the Internet Crime Complaint Center (IC3) suggests that institutions raise awareness among their employees about not clicking suspicious-looking web links or opening dubious attachments, which can be dangerous.
Furthermore, organizational policies should be framed that prevent staff from accessing admin accounts from personal computers, and that make them cautious about whatever they try to reach from computers that initiate payments.
In addition, the FBI recommends using anti-malware software, handling Universal Serial Bus (USB) devices carefully, restricting the limit settings on wire transfers that can be accessed, and monitoring computers for spikes in web traffic or logins.
» SPAMfighter News - 24-09-2012