Back to Blog

Virginian Bank Robbed Twice in Eight Months

July 26, 2018

By: Phil Muncaster

The perils of phishing emails and cyber-insurance were laid bare this week after news emerged of an American bank that fell victim to hackers twice within eight months and is suing its provider for failing to cover the losses.

The Virginian National Bank of Blacksburg was hit in late May 2016 and again in January 2017 thanks to phishing emails which eventually resulted in the combined theft of $2.4m.

The first attack enabled attackers to install malware on a victim’s PC, allowing them to access the STAR interbank network and disable controls including PINs, daily withdrawal limits and anti-fraud measures, according to journalist Brian Krebs.

The attackers were then able to dispense funds from customer accounts of over half a million dollars to ATMs around the country.

The second attack apparently used a booby-trapped Microsoft Word document to access the bank’s Navigator software, which they used to artificially credit various accounts with $2m before withdrawing funds from ATMs in the same way and deleting the evidence.

Chandu Ketkar, principal consultant at Synopsys, argued that the breaches came from failures of security awareness training, monitoring controls, emergency response, and policy around Office macros.

Ryan Wilk, vice president at NuData Security, added that phishing risk can be mitigated by migrating away from static username/password combinations.

“This is a clear example of why merchants and financial institutions are moving past the user’s personally identifiable information (PII) as a way to authenticate them and incorporating multi-layered solutions with passive biometrics and behavioral analytics,” he added. “These technologies thwart the reuse of data by fraudsters and, instead, verify users based on their behavioral information.”

In a further twist, the bank is now suing its provider, Everest National Insurance Company, for failing to pay out.

More: https://www.infosecurity-magazine.com/news/virginian-bank-robbed-twice-in/

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.