Before attempting to initiate a fraudulent wire transfer, the intruders would obtain customer account transaction histories, read-up on the proper use of U.S. payment systems and learn or modify bank-specific wire transfer settings. "In at least one instance, actor(s) browsed through multiple accounts, apparently selecting the accounts with the largest balance."
In at least a few instances, the attackers launched distributed denial of service attacks either before or immediately after the wire transfer fraud, apparently to try and distract banks from what was really going on, the FS-ISAC alert said. The alert recommends more than 15 measures that banks can take to mitigate their exposure.
U.S. banks, small businesses and credit unions have been dealing with online wire fraud for several years. In recent years, overseas-based cyber attackers have siphoned out tens of millions of dollars from small businesses, school districts and local governments.
But in most earlier instances, hackers stole login credentials directly from the victims to initiate wire transfers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.