Hack The Planet

Because if you don't, who will?

Tuesday, February 16, 2010

One compromised machine

Recently, Brian Krebs has been posting a lot about companies losing money to hackers who use money mules to transfer stolen funds all over the globe (mostly to Eastern Europe, it seems). The hack is pretty simple. A user with a vulnerable endpoint gets hit with the Zeus Trojan or a variant by viewing a compromised site. The endpoint can then pass the infection on to other endpoints on the network. Once it infects an endpoint that accesses the company's bank accounts, the fun begins. The hackers set up many sub-$10,000 transfers to the mule accounts and then have the mules wire them the money.
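As an added illustration (not code from the original post), here is a simple defender-side check for the transfer pattern described above: several sub-$10,000 payments from one account to payees it has never paid before, all within a short window. The account ids, payee ids, amounts and thresholds are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transactions: (timestamp, source_account, payee_id, amount_usd).
# For acct-123, payees p1..p5 have never been paid before; p0 is an established payee.
SAMPLE = [
    ("2010-02-15T09:02:00", "acct-123", "p0", 42000.00),
    ("2010-02-15T09:10:00", "acct-123", "p1", 9800.00),
    ("2010-02-15T09:12:00", "acct-123", "p2", 9650.00),
    ("2010-02-15T09:15:00", "acct-123", "p3", 9900.00),
    ("2010-02-15T09:20:00", "acct-123", "p4", 9700.00),
    ("2010-02-15T09:25:00", "acct-123", "p5", 9850.00),
    ("2010-02-15T14:00:00", "acct-777", "p9", 9999.00),
]
# Constructed history of payees each account has paid before.
KNOWN_PAYEES = {"acct-123": {"p0"}, "acct-777": set()}


def flag_structured_transfers(txns, known_payees, threshold=10000.0,
                              min_count=3, window=timedelta(hours=2)):
    """Return {account: [events]} for accounts that send at least `min_count`
    transfers, each below `threshold`, to previously unseen payees within `window`."""
    by_account = defaultdict(list)
    for ts, acct, payee, amount in sorted(txns):  # ISO timestamps sort chronologically
        if amount < threshold and payee not in known_payees.get(acct, set()):
            by_account[acct].append((datetime.fromisoformat(ts), acct, payee, amount))

    alerts = {}
    for acct, events in by_account.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until events[start..end] fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= min_count:
                alerts[acct] = events[start:end + 1]  # last (widest) qualifying window wins
    return alerts


if __name__ == "__main__":
    for acct, events in flag_structured_transfers(SAMPLE, KNOWN_PAYEES).items():
        print(acct, [(e[2], e[3]) for e in events])
```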

Recently, one infected machine at a Michigan insurance firm cost them $150,000. That is a lot of money to lose for not having an up-to-date machine (they are working with their bank to recover it, but that usually ends poorly). One bad hack can make you realize that a good security setup is much cheaper in the long run.

The second part of the story that I found interesting is that the bank would use “two-factor” authentication by having the customer enter their username and password and then answer a security question. The President of the insurance firm says “They had some very detailed information. [The thieves] knew our patterns, they knew our passwords, my mother’s middle name, favorite sports team. And this is all information I don’t even have written down anywhere.” So what he is saying is that it is impossible to find out his mother’s middle name online with a quick search? Or that he hasn’t worn a jersey of his favorite sports team in some picture that has been tagged with his name on Facebook? And that is assuming the hackers even entered that information. The bank says it saw someone enter it, but that could have come from a compromised machine on which the legitimate user logged in and the hackers simply piggybacked on the session.

Hackers don’t pull off elaborate bank heists that require years of training and some elite knowledge that only they possess. They just wait until some lazy user goes to a compromised website and gets infected with their Trojan. Then it is game, set and match.

posted by holliday at 4:19 pm  