Cyber Gang Beats Global Banks Out of Billions-Phishing Catches Whales

Brokerdealer.com blog update courtesy of David E. Sanger and Nicole Perlroth of the New York Times.

According to a just-released investigation conducted by cyber security firm Kaspersky Lab, a modern-day gang of cybercriminals using seemingly simple email-based phishing techniques has beaten global banks, including the world’s biggest brokerdealers, out of at least $1 billion during the past year alone.

When notorious 20th-century gentleman bank robber Willie Sutton was asked by a news journalist (not Brian Williams!) why he robbed banks, Sutton’s purported answer was: “Because that’s where the money is.” Though Sutton later disputed making that comment, robbing banks in the 21st century no longer requires wearing a ski mask and passing a teller a note that says: “This is a stick-up, give me all of your money.” Instead, judging by the latest series of bank heists, the weapon of choice starts with a phishing strategy: an email is sent to a targeted bank employee, purportedly from a sender known to the recipient, with an invisible piece of bait (commonly referred to as ‘malware’) embedded within the message. That malware, which is chock full of computer code that enables access to critical systems, ultimately lodges in the bank’s belly, enabling the ‘phisher’ to move tens of millions of dollars out of the bank and into the nets of phisher accounts in other banks.

In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.

Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.

No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.

But the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”

The American Bankers Association declined to comment, and an executive there, Douglas Johnson, said the group would let the financial services center’s statement serve as the only comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, has also been briefed.

The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.

The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.

For the full story, please visit the NY Times by clicking here

 

Cybercriminals Assault BrokerDealers; Most BDs Bamboozled by MITB and Phishing Schemes

BrokerDealer.com blog update courtesy of the extract below from the 3 Feb WSJ story by Matthias Rieker

More than half of U.S. brokerage firms surveyed by regulators said they had been targeted by email scams aimed at tricking them into wiring away client money.

In many cases, brokers fell for the impostors and their firms had to reimburse their clients. Of the brokerage firms that received the fraudulent emails, 26% reported losses of more than $5,000, according to the Securities and Exchange Commission.

The SEC last year sampled 106 firms—57 broker-dealers and 49 registered investment advisers—to assess the industry’s cybersecurity risk.

On Tuesday, the regulator said 88% of the broker-dealers and 74% of RIAs it examined for its report had experienced some form of a cyberattack. The agency didn’t say in what years the attacks occurred.

The wealth-advisory industry has long been struggling with what security experts and advisers say has been an onslaught of fraudulent wire-transfer requests, many resulting from client email accounts being hacked. Fifty-four percent of broker-dealers and 43% of RIAs said they had received fraudulent emails seeking to transfer client money.


For example, a former Morgan Stanley Smith Barney adviser—whose client’s email had been hacked—wired a total of $521,500 in four requests over two months last year. Also, a former Wells Fargo adviser failed to confirm two wire transfers for a total of $67,532 over two months in 2012 that turned out to be from an impostor.

The Financial Industry Regulatory Authority, Wall Street’s self-regulator, suspended and fined both advisers last month. Neither admitted nor denied the allegations, and their firms fired them, according to Finra. Morgan Stanley and Wells Fargo declined to comment on the cases.

Like most firms, Morgan Stanley and Wells Fargo have strict procedures on how to thwart such scammers, but some advisers haven’t been vigilant enough to ensure the requests are actually from their clients. Of the broker-dealers that reported losses from fraudulent emails, a quarter said the losses were the result of employees not following the firms’ authentication procedures, the SEC said.

SEC chairwoman Mary Jo White says assessing the readiness of market participants and providing investors with information on how to better protect online investments from cyberthreats is an important focus of her agency.

Finra said that last year it brought 37 cases related to the improper transfer of investors’ money to third-party accounts.

“Cybersecurity threats know no boundaries,” SEC Chair Mary Jo White said in a statement. “That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”

The SEC also said it found that 58% of broker-dealers but only 21% of RIAs are insured against losses from cyberattacks. One broker-dealer and one adviser reported that they had filed claims, the SEC said.

For the full story from the WSJ, please click here