Cyberthieves loot SMBs, transfer millions to firms in China, FBI warns
More than $11M stolen from 20 businesses in past month
Computerworld - Some U.S. companies may unwittingly be helping to provide millions of dollars in illicit financing to businesses in China.
An alert (download PDF) from the FBI and the Financial Services Information Sharing and Analysis Center (FS-ISAC) this week warned small and midsize U.S. businesses to be on the lookout for online account takeovers and fraudulent Automated Clearing House (ACH) transactions.
The warning comes in the wake of a rash of recent incidents in which online bank accounts belonging to small and midsize businesses (SMB) were hijacked and money from them was stolen and transferred to accounts apparently held by several legitimate businesses in China's Heilongjiang province along the Russian border.
Between March and April, the FBI identified at least 20 incidents in which cybercriminals gained access to SMBs' banking credentials, such as usernames, passwords or authentication tokens, and used them to electronically wire money to accounts held by "Chinese economic and trade companies," the alert said.
The amounts of the illegal wire transfers have ranged from $50,000 to $985,000, with the majority involving sums of more than $900,000.
Many of the companies that have received the money are registered in port cities such as Raohe, Fuyuan, Jixi City, Xunke, Tongjiang and Dongning. The companies appear to be legitimately registered businesses and typically have accounts at the Agricultural Bank of China, the Industrial and Commercial Bank of China and the Bank of China, the alert said.
So far, the break-ins have siphoned $11 million out of SMB accounts. In all, the crooks have attempted to steal $20 million from SMBs in the past month, the alert warned.
Such online account takeovers are not new. The FBI, the FS-ISAC and NACHA, the body that oversees the ACH network, issued a similar warning in the fall of 2009.
At that time, the FBI said several new cases were reported weekly. In most instances, the crooks used sophisticated keystroke logging and Trojan horse programs to steal log-in credentials from company employees authorized to initiate funds transfers on behalf of their employers, the FBI noted in its 2009 alert.
The same warnings were repeated in this week's alert. The alert noted that the malware used in the recent attacks had not been identified in all cases, but at least some instances involved the ZeuS banking Trojan, the Backdoor.bot keylogger and Spybot, an IRC backdoor Trojan.
In addition, one victim reported being hit with malware that allowed hackers to completely erase the hard disk of the infected computer before any investigations could be done, the alert said.
The FBI alerts urged banks to notify customers if they notice any wire transfers destined for Raohe, Fuyuan, Jixi City, Xunke, Tongjiang or Dongning.
Avivah Litan, an analyst at Gartner, said banks need to do more to protect themselves from such attacks, especially since they are in a better position to tackle the problem.
"These attacks are using the same techniques that have been used for a couple of years against business bank accounts and more recently against enterprise systems and security companies," Litan said. "The attacks keep coming, because most banks have yet to build up sufficient defenses.
There has been speculation that the Federal Financial Institutions Examination Council (FFIEC), a standards-setting body for the financial services industry, could soon require banks to implement stronger forms of user authentication, but no action has been taken.
A Gartner survey conducted in February found that many banks continue to rely on "crude" security measures, such as cookies and secret questions, to protect online accounts, Litan said.
"Nearly two-thirds of the surveyed banks manage their fraud detection and customer authentication projects by committee, which means [security is] always someone else's responsibility. It should come as no surprise, then, that the attacks are succeeding."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is email@example.com.
Read more about Financial IT in Computerworld's Financial IT Topic Center.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
China says to Chiang Kai-shek all Bitcoins at the door.
China marches long and hard over internal financial institutions, proclaiming that Bitcoins "should not and cannot be used as a currency". The news sent Bitcoin exchanges into a dive like cormorants in the deep China Sea. But all is not lost -- or is it? Bitcoins have been bubbling back to the surface, or has China's stance drained all enthusiasm? In IT Blogwatch, fearless leaders and bloggers quote pearls of wisdom from the little red book of Bitcoin. Not to mention: Financial advice from Whiz and Ice...
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Make or Break: New Auto Products Must Go To Market On Time
- This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- Stock Shock: The effect of project and portfolio management on share price
- In this independent report, you'll see the intrinsic connection between long-term capital investment and short term market performance -- and how this can...
- Hedge Your Bets
- This report explains how visibility and increased governance is key to reducing risk.
- In the Firing Line
- CEOs Are Increasingly Being Held Accountable; How susceptible is the CEO's reputation to poor performance across the project portfolio?
- The CISO's Guide To Virtualization Security
- This guide describes the security challenges within virtualized environments and shows how to apply the concepts of Forrester's Zero Trust Model of information... All Financial IT White Papers
- Live Webcast Research Report: The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Live Webcast The Freedom to Run Your Business Your Way Vendors are challenged to create flexible systems that customers can tailor to particular business strategies and industry needs. But the flexibility should not...
- Live Webcast The Business Value of Human Capital Management for Finance View now >>
- HR and Finance Were made for Each Other View now >>
- The Value of Human Capital for Finance Professionals View now >>
- The Business Value of Human Capital Management for Finance View now >>
- The Freedom to Run Your Business Your Way Vendors are challenged to create flexible systems that customers can tailor to particular business strategies and industry needs. But the flexibility should not...
- Research Report: The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- All Financial IT Webcasts
Computerworld's Best Places to Work in IT 2013 list featured Quicken Loans, Securian, Vanguard and other top finance organizations. Honorees say the distinction helps them recruit top talent and boost staff morale.
Want to join this elite group? Nominate your organization for our 2014 list.