In this blog, we briefly touch on other electronic-related exposures which may not be so well-known as DDoS attacks and fraudulent account takeovers/wire transfers, but are just as common and potentially damaging from a loss perspective, not only to your bank but also your customers.
Website hacking by code injections and MitM campaigns
Google “Website Injection” and you will be amazed at all of the “how to” tutorials widely and easily available to anyone who wants to learn a thing or two about hacking into websites by manipulating the input that a site’s code passes to its back end (SQL, LDAP, etc.) where that code is vulnerable or flawed. Typically, this type of hacking or cracking targets websites with older code, but not necessarily. Utilizing code injection, a hacker can redirect a bank’s web page, like an account login page, to a false site that mimics or is identical to the bank’s real site in order to obtain customer information, with the ultimate goal of gaining access to customer accounts online.
In a related vein to code injection hacking, scmagazine.com posted an article on “man-in-the-middle (MitM)” campaigns, defined as an “attack campaign that involves posing as major organizations.” Stated in the article: “hackers are compromising online banking and social media users…and they are doing it without setting off alerts...The DNS changes point to the hacker’s clandestine DNS name server so that users are directed to proxy servers instead of legitimate sites…the malware also installs ‘a root certificate for a rogue [Certificate Authority]’ so that the user is not alerted by error warnings.” (source: www.scmagazine.com, “MitM attackers posing as banks, other major groups, tough to detect” by Adam Greenberg, March 26, 2014)
The article goes on to state that these MitM attacks typically start off with the usual culprit: spam emails. The theft is typically not noticed until the victimized customer receives a notice from the bank that an account is overdrawn.
For example, we became aware of a real scenario in which an individual went to access his bank accounts online. The bank’s website, from all appearances, seemed to be legitimate: the bank’s logo, brand, layout, etc., appeared normal, and nothing looked out of place. However, it was during login that the process did not seem right. Windows were appearing, requesting personal information that seemed out of the norm. The individual immediately stopped and contacted the bank, pointing out that a lot of personal information was being requested. The bank quickly researched and found that indeed its website had been hacked. Had the individual not been savvy enough to recognize the warning signs, not only would the criminals have gotten his password to access his accounts, but they would also have gained enough personal information to go further with their criminal activity, stealing his identity in order to commit additional fraud and theft. It’s unknown if other customers fell victim to this scheme, supplying the thieves with the information that they needed, but one can only imagine the potential overall claims, costs, losses and damages not only to the bank’s customers, but to the bank and its public reputation as well.
Evolution of ATM skimmers
No longer are skimmers designed to cover or be inserted into just the card slot of an ATM. In 2013, a skimmer was discovered on a Brazilian bank’s ATM which completely encased the front of the real cash machine. The cleverness and complexity of the designs as well as the number of different skimmers are astounding. On his computer security and cybercrime blog, krebsonsecurity.com, Brian Krebs includes pictures and descriptions not only of the fake Brazilian ATM mask, but also of multiple other ATM skimmers which have been used or are in use by criminals. Check out krebsonsecurity.com/category/all-about-skimmers to learn more about ATM skimmers.
The holding of accounts, websites and computers as virtual hostages is rising in popularity with the criminal world.
Ransomware is basically online extortion via malware that restricts access to the infected system and holds it hostage. The hacker (either an individual or a group) then demands a ransom, usually paid in a virtual currency like Bitcoin, in exchange for releasing the system back to the victim, typically by providing a decryption key or code that unlocks or decrypts the files. Virtual currency is the preferred method of payment because of the anonymity it provides; tracing the perpetrator is nearly impossible.
Cryptolocker is one of the latest and better-known ransomware programs in use. As with other malware, it is typically spread through phishing email attachments.
The use of virtual currency is itself an issue with this type of scam. Not many people are currently using virtual currency, so unless other payment options are acceptable to the criminal, the criminal does not get paid; the victim is then potentially locked out of their system, files or accounts forever, with little or no way to get them back.
To help prevent these losses from occurring, remind your staff and customers to continually be vigilant.
Some simple guidelines:
- Be current with security patches and anti-virus software.
- Be careful when clicking on links or opening attachments in emails, especially any which are unsolicited. Basic rule of thumb: do so only if you know for sure that the email is legitimate and from a known and reputable source.
- With ATMs or online account login, if something looks even slightly out of place or the process seems irregular, discontinue the process. Contact bank representatives immediately to alert them of possible criminal tampering and fraudulent activity.
Any discussion relating to policy language and/or coverage requirements is non-exhaustive and provided for informational purposes only. For details on coverage provided by your specific policy, please refer to your policy.