Cybercriminals continue to be relentless when it comes to breaking the law and getting what they want. They definitely take to heart the saying, “if at first you don’t succeed, try, try again”. These new tactics require diligence and extreme patience, and these criminals are proving they have both in abundance. Many researchers have warned for years that these new attacks will slowly come down the pipeline and it now looks like that time has arrived.
Kaspersky Lab recently held their annual Security Analyst Summit. They discovered three new attacks that were launched against Russian banks in 2015 and succeeded in stealing millions of dollars. Below are the three new and improved attacks to be aware of in 2016.
Metel, also known as Corkow
This malware uses phishing emails to gain access. How it works: Attackers send the emails to employees of the banks and wait until someone takes the bait. Once the attackers are in the bank’s network, they locate the systems that control transactions. The attackers then reverse ATM transactions for specific debit cards, then they drive around making withdrawals from different ATM machines. This scam is hard to detect because they have manipulated the system so the account balance never changes.
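Because the balance never moves, a balance-based alert stays silent; the reversals themselves are the signal. The following is an added example, not code from Kaspersky Lab or from this article: a check that flags cards whose withdrawals were reversed at several different ATMs within a short period. The log format, card and ATM identifiers, and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): timestamp card atm type amount
SAMPLE_EVENTS = """\
2015-08-01T22:01:10 CARD-A ATM-01 WITHDRAWAL 500
2015-08-01T22:01:40 CARD-A ATM-01 REVERSAL 500
2015-08-01T22:25:03 CARD-A ATM-07 WITHDRAWAL 500
2015-08-01T22:25:30 CARD-A ATM-07 REVERSAL 500
2015-08-01T22:58:15 CARD-A ATM-12 WITHDRAWAL 500
2015-08-01T22:58:44 CARD-A ATM-12 REVERSAL 500
2015-08-01T10:12:00 CARD-B ATM-03 WITHDRAWAL 200
2015-08-01T10:12:20 CARD-B ATM-03 REVERSAL 200
2015-08-01T18:40:00 CARD-B ATM-03 WITHDRAWAL 100
2015-08-01T12:00:00 CARD-C ATM-05 WITHDRAWAL 300
"""

def parse(text):
    """Yield (time, card, atm, kind, amount) tuples from the assumed log format."""
    for line in text.strip().splitlines():
        ts, card, atm, kind, amount = line.split()
        yield datetime.fromisoformat(ts), card, atm, kind, int(amount)

def flag_reversal_abuse(events, window=timedelta(hours=6), min_atms=3,
                        max_gap=timedelta(minutes=5)):
    """Return {card: sorted ATM ids} for cards whose withdrawals were reversed
    at min_atms or more distinct ATMs inside one time window."""
    pending = {}                     # (card, atm, amount) -> withdrawal time
    reversed_at = defaultdict(list)  # card -> [(reversal time, atm)]
    for ts, card, atm, kind, amount in sorted(events):
        key = (card, atm, amount)
        if kind == "WITHDRAWAL":
            pending[key] = ts
        elif kind == "REVERSAL" and key in pending:
            # Count only reversals that closely follow the matching withdrawal.
            if ts - pending.pop(key) <= max_gap:
                reversed_at[card].append((ts, atm))
    flagged = {}
    for card, hits in reversed_at.items():
        for i, (start, _) in enumerate(hits):
            atms = {a for t, a in hits[i:] if t - start <= window}
            if len(atms) >= min_atms:
                flagged[card] = sorted(atms)
                break
    return flagged

if __name__ == "__main__":
    print(flag_reversal_abuse(parse(SAMPLE_EVENTS)))
```

A single reversal is routine (for example, when an ATM fails to dispense cash), which is why the check keys on the same card being reversed at several machines rather than on any one event.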
Like other malware, this one also uses spear phishing emails to get into the network. How it works: The attackers are able to gain access by attaching malicious documents to the spear phishing email. They target the devices of HR and accounting specialists and then wait until the system administrator logs into the system. Sometimes they crash the Microsoft Word program or the software used for accounting, requiring the user to call their helpdesk for assistance. Once the system administrator logs in to solve the problem, the attackers steal the admin’s password.
This malware is one of many advanced persistent threats (APT) and is not new but is improved. This particular malware is also delivered through phishing emails. The attackers are not trying to gain access to data, but to money. How it works: The attackers manipulate their access to the bank’s network and steal money in multiple ways. One way that has been reported is by gaining access to the systems that house shareholders’ information, changing the ownership of a company, then naming the criminal as a shareholder.
Financial organizations have to remain vigilant. Phishing scams are constantly evolving, and that is more than clear from the malware described above. Phishing has been extremely profitable for many cybercriminals. You do not want to fall victim and one day accidentally invite cybercriminals into your office. Be sure to take a thorough look at links and emails received before opening them. If something looks amiss, shut down your computer and Internet connection immediately. And always update your antivirus software, operating system and browser on a regular basis.