Daylight robbery in the United States: The National Bank of Blacksburg suffers from two attacks in eight months
During the past eight months, hackers managed to compromise a bank in Virginia twice. The two separate cyber attacks netted them more than 2.4 million dollars. At the moment, the bank is suing its insurance provider for refusing to cover the losses.
The first attack began in late May 2016, when one of the employees at The National Bank of Blacksburg opened a phishing email. Through it, the intruders installed tracking malware. After compromising a second computer, which had access to the STAR Network and could manage National Bank customer accounts and their use of bank cards and ATMs, the hackers gained the ability to alter and disable these functions:
- anti-theft protections;
- personal identification numbers;
- daily withdrawal amount;
- debit card usage limits;
- fraud score protections.
According to the National Bank, the first breach took place on May 28. It started on Saturday and continued through the following Monday, Memorial Day in the United States. Since that Monday was a federal holiday, the hackers had a full three-day window for their campaign. The criminals used hundreds of ATMs throughout North America to extract funds from bank customers' accounts. This time, hackers stole more than $570K.
After this breach, National Bank hired the cybersecurity firm Foregenix to investigate the attack. Foregenix determined that the activity in this hack came from Russian Internet addresses. In June, the bank applied additional security protocols intended to flag specific types of repeated transaction patterns occurring within a short period.
Only seven months passed before another attack occurred
In January 2017, hackers broke into the bank's system for the second time. According to the newly filed lawsuit, access to the system was again gained via email. This time, hackers managed to compromise a workstation that had access to software used by National Bank for managing credits and debits on customer accounts. As a result, they stole almost 2 million dollars.
According to the report, hackers modified critical security controls and stole the money using ATMs. Using the bank's systems, they monitored customer accounts and tried to delete evidence of this malicious campaign, which was most probably initiated by the same group of attackers. The bank has also been informed that the breach was achieved using MS Word documents with embedded macros.