September 18, 2012, 1:53 PM — The FBI today said cybercriminals have recently stepped up efforts to steal money and gain access to banks and other financial institutions using spam, phishing emails, keystroke loggers and Remote Access Trojans (RAT).
Specifically, the fraudsters are looking to compromise financial institution networks and obtain employee login credentials. The stolen credentials are used to initiate unauthorized wire transfers overseas. The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the criminals raised the wire transfer limit on the customer's account to allow for a larger transfer. In most of the identified wire transfer failures, the perpetrators were only unsuccessful because they entered the intended account information incorrectly, the FBI stated.
In the bank fraud, the FBI said cybercriminals "used spam and phishing e-mails to target their victims. Once compromised, keyloggers and RATs installed on the financial institution employee's computer provided the attackers with complete access to internal networks and logins to third party systems. Variants of Zeus malware were used to steal the employee's credentials in a few reported incidents. In some instances, the [attackers] stole multiple employee credentials or administrative credentials to third party services and were able to circumvent authentication methods used by the financial institution(s) to deter fraudulent activity. This allowed the intruders to handle all aspects of a wire transaction, including the approval. The unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours using the stolen financial institution employees' credentials. In at least one instance, attackers browsed through multiple accounts, apparently selecting the accounts with the largest balance."
The FBI made a number of recommendations for financial institutions to help prevent security problems:
• Educate employees on the dangers associated with opening attachments or clicking on links in unsolicited emails.
• Do not allow employees to access personal or work emails on the same computers used to initiate payments.
• Do not allow employees to access the Internet freely on the same computers used to initiate payments.
• Do not allow employees to access administrative accounts from home computers or laptops connected to home networks.
• Ensure employees do not leave USB tokens in computers used to connect to payment systems.
• Review anti-malware defenses and ensure the use of reputation based content and website access filters.
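
The FBI's description above notes that the unauthorized transfers were preceded by logins outside normal business hours and, in at least one case, by a raised wire transfer limit. The Python sketch below is an added example, not part of the original article or the FBI's guidance: it flags wires that follow either precursor. The event format, the business hours, and the 12-hour lookback window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, time, timedelta

# Assumed policy values; tune to the institution's real operating hours.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
LOOKBACK = timedelta(hours=12)

# Constructed sample audit events: (timestamp, kind, employee, detail)
EVENTS = [
    ("2012-09-10T09:15:00", "login", "alice", {}),
    ("2012-09-10T10:02:00", "wire", "alice", {"account": "A-100", "amount": 12000}),
    ("2012-09-11T02:41:00", "login", "bob", {}),
    ("2012-09-11T02:55:00", "limit_change", "bob", {"account": "B-200", "new_limit": 1000000}),
    ("2012-09-11T03:05:00", "wire", "bob", {"account": "B-200", "amount": 850000}),
    ("2012-09-12T14:00:00", "login", "carol", {}),
    ("2012-09-12T14:30:00", "limit_change", "carol", {"account": "C-300", "new_limit": 50000}),
]

def off_hours(ts):
    """True on weekends or outside the assumed business-hours window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)

def flag_wires(events):
    """Return wires preceded, within LOOKBACK, by an off-hours login from the
    same credential and/or a limit change on the same account."""
    last_off_login = {}  # employee -> time of latest off-hours login
    limit_changed = {}   # account  -> time of latest limit change
    alerts = []
    for raw_ts, kind, user, detail in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(raw_ts)
        if kind == "login" and off_hours(ts):
            last_off_login[user] = ts
        elif kind == "limit_change":
            limit_changed[detail["account"]] = ts
        elif kind == "wire":
            reasons = []
            login = last_off_login.get(user)
            if login is not None and ts - login <= LOOKBACK:
                reasons.append("off-hours login")
            change = limit_changed.get(detail["account"])
            if change is not None and ts - change <= LOOKBACK:
                reasons.append("limit raised")
            if reasons:
                alerts.append((raw_ts, user, detail["account"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_wires(EVENTS):
        print(alert)
```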