How to rob a bank with phishing and malware

OK, I know I keep going on about email phishing, but unfortunately, it's on the increase. Last year Google Research produced a report in which they identified that 12.4 million individuals have potentially been the victim of phishing with over 1.9 billion usernames and passwords readily available on the blackmarket. To help combat phishing and other security attacks Google recently released updates to it's G Suite, GCP and Chrome Enterprise products. These updates include more proactive phishing and malware detection using Machine Learning.

As an example of how cybercriminals are using phishing attacks here is an infographic and article from Europol on how the cybercriminals responsible for the Carbanak and Cobalt malware attacks targetted over 100 financial institutes and stole over 1 billion euros!

Source: Europol

The attacks all started with simple spear phishing emails sent to bank employees. These emails, impersonated legitimate companies and customers of the bank, had malicious malware attached. Once downloaded, the malicious code allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network which they used to then infect the servers controlling ATMs, manipulate bank records, and transfer money from one account to another.

There is no doubt that these were well-coordinated and sophisticated attacks, however as the method of deploying the malware was via a spear phishing attack it could have been prevented. All staff need to be aware of how phishing attacks work, and what to look for. Here are my top five things you can do to improve cybersecurity

Comments

GDPR Compliance - The Sky Is Falling

Over the past few months, I've been speaking to more and more business owners about their concerns regarding GDPR (General Data Protection Regulation), which becomes law on 25th May 2018. The concerns appear to come from misinformation and fake news over GDPR. There are the scaremongers, reporting on the increase fines that an organisation could face. While it's true GDPR has increased the levels of fines to 2% of an organisation’s global turnover, and for more severe incidents €20 million or 4% of turnover, whichever is the larger, it's unlikely that fines will rocket. Elizabeth Denham, the information commissioner for the UK, stated in a recent blog , it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm. Denham continued to say that; " The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GD

5 things you can do to improve cybersecurity

As I mentioned last year, phishing attacks are on the increase. Recent studies have shown that many small businesses are seriously underprepared to deal with a security breach. With its employees being a small businesses most valuable asset, it is important to understand how you can protect them and your business from a cyber attack. Here are the top five things you and your employees need to know about cybersecurity:- Cybersecurity knowledge Many users believe that all IT security is the responsibility of the IT staff, or that some magical shield has been implemented like a technological Patronus Charm which will save them from the bad guys. Unfortunately, many small businesses can't afford top security experts so it is important that employees understand they play a critical role in protecting your organisation. Employee training is the first line of defence against cyber-criminals. Make sure that all employees are have been correctly onboarded into your organisation. Make

What is the difference between Artificial Intelligence and Machine Learning

After my recent article in which I discussed the future of work , and how AI technology will be used to disrupt once safe traditional roles, I felt that an article explaining the difference between Artificial Intelligence (AI) and Machine Learning (ML) was needed. Unfortunately, I realise that many people in the tech industry often use these hot buzzwords interchangeably. So here is my understanding of these terms and I hope it helps. Artificial Intelligence. You've probably already seen AI being incorrectly referenced on social media and in the news. Then thinking about AI think of it as a broad set of different technologies in which a computer is able to answer a question without being programmed to do so. Machine Learning is an application of AI which uses a large set of data and advanced statistical analysis in order for machines to determine the answer from previous similar question and answers. The way I see it, AI is more of a vision, a direction of travel with only a

Bespin labs

Search This Blog