In September, anonymous attackers launched crippling Distributed Denial-of-Service (DDoS) cyber attacks on prominent U.S. banks. And, it’s believed the same attackers are installing malware on the computers of SMBs, local governments and others to gain access to their bank accounts and make unauthorized transfers to accounts overseas.
JPMorgan, Citigroup, Bank of America, Wells Fargo, U.S. Bancorp and PNC got hit with DDoS attacks that flooded their websites with unusually high volumes of Internet traffic, higher than your average DDoS attack. Customers were unable to access their accounts online for significant periods of time – in some cases, for hours.
But that’s not the only cause for concern.
Who’s at risk
Government agencies are sounding the alarm that once again, IT managers need to be on high alert: the nation’s big banks aren’t the only institutions being targeted. They say, as part of the same campaign, cyber attackers are installing malware on the computers of small and medium-sized businesses, school districts, municipalities, small banks and credit unions to gain access to their bank accounts.
In fact, just last week hackers broke into the computer systems of Burlington, WA, and siphoned off $400,000 from its bank account at Bank of America. The bank account information of hundreds of employees and residents was also compromised.
No one seems to know for sure who’s responsible for the cyber attacks, even though it’s clear the responsible party has dedicated a lot of time and effort to planning and preparation. The scale and sophistication of the attacks has many experts pointing to a state actor, not a criminal gang.
Underground chatter indicates banks and others need to be on the look out for cyber attackers attempting to steal usernames and passwords they can use to conduct more illegal wire transfers. Among the most common threats: spam, phishing emails, Remote Access Trojans and keystroke loggers.
Urgent steps to take now
Here are four steps IT managers can take now to protect their companies’ finances:
- Make sure all Internet browsers are updated
- Reeducate users about how to recognize common threats, such as spear phishing emails
- Warn your company’s Finance and Accounting staff to watch for suspicious activity on bank accounts, and
- Dedicate one computer in the office for online banking only, no email or web browsing, and boot from a Live CD when you need to log on to your bank account