Repeated Breaches in Leading Financial Institutions: A Growing Impetus to Plan for Breaches

Submitted by

CharltonJ

Hacking incidents at financial firms are occurring at an alarming rate. Consider this: in a span of just eight months, hackers breached the “Virginia Bank” twice and stole $2.4M.

What is the motive behind this? Money!  The growing list of banks being targeted in hacking attacks points to only one conclusion.  Money is increasingly becoming one of the leading causes of all hacking attacks today the world over.

The details of this attack were revealed in a lawsuit filed in the Western District of Virginia.

How was the attack executed?

An email phishing campaign was the origin.  The suit alleged the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email.

The email allowed the intruders to install malware on the victim’s PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

Once access was gained, the hackers were able to disable and alter anti-theft and anti-fraud protections, such as 4-digit personal identification numbers (PINs), daily withdrawal limits, daily debit card usage limits, and fraud score protections.

Timeline of key events

Saturday, May 28, 2016. According to National Bank, the first breach began Saturday, May 28, 2016 and continued through the following Monday. Normally, the bank would be open on a Monday, but that particular Monday was Memorial Day, a federal holiday in the United States. The hackers used hundreds of ATMs across North America to dispense funds from customer accounts. All told, the perpetrators stole more than $569,000 in that incident.

Following the 2016 breach, National Bank hired cybersecurity forensics firm Foregenix to investigate. The company determined the hacking tools and activity appeared to come from Russian-based Internet addresses.

In June of 2016, National Bank implemented additional security protocols, as recommended by First Data. These protocols are known as “velocity rules” and were put in place to help the bank flag specific types of repeated transaction patterns that happen within a short period of time.
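The sketch below is an added example, not First Data's or the bank's implementation: it shows what a velocity rule does, flagging a card whose ATM withdrawals within a sliding window exceed a count, a number of distinct terminals, or a total amount. The thresholds, field layout and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical thresholds; real values are set per institution and processor.
WINDOW = timedelta(minutes=30)
MAX_WITHDRAWALS = 3      # withdrawals per card per window
MAX_DISTINCT_ATMS = 2    # distinct terminals per card per window
MAX_TOTAL = 1000         # total dispensed per card per window

def velocity_alerts(transactions):
    """Return (timestamp, card, reasons) for each transaction that breaks a rule.

    `transactions` holds (iso_timestamp, card_id, atm_id, amount), sorted by time.
    """
    recent = defaultdict(deque)  # card_id -> events still inside the window
    alerts = []
    for ts_raw, card, atm, amount in transactions:
        ts = datetime.fromisoformat(ts_raw)
        window = recent[card]
        # Drop events that have aged out of the sliding window.
        while window and ts - window[0][0] > WINDOW:
            window.popleft()
        window.append((ts, atm, amount))
        reasons = []
        if len(window) > MAX_WITHDRAWALS:
            reasons.append("count")
        if len({a for _, a, _ in window}) > MAX_DISTINCT_ATMS:
            reasons.append("distinct_atms")
        if sum(x for _, _, x in window) > MAX_TOTAL:
            reasons.append("total_amount")
        if reasons:
            alerts.append((ts_raw, card, reasons))
    return alerts

# Constructed sample data, not taken from the incident.
SAMPLE = [
    ("2024-01-06T09:00:00", "card-A", "atm-1", 200),
    ("2024-01-06T09:05:00", "card-A", "atm-2", 400),
    ("2024-01-06T09:10:00", "card-A", "atm-3", 400),
    ("2024-01-06T09:12:00", "card-A", "atm-4", 300),
    ("2024-01-06T09:15:00", "card-B", "atm-1", 100),
    ("2024-01-06T11:00:00", "card-A", "atm-1", 200),
]

if __name__ == "__main__":
    for alert in velocity_alerts(SAMPLE):
        print(alert)
```

Rules like these only help if their thresholds cannot be changed from the same workstations that manage customer accounts; in both incidents described here the intruders altered or removed such protections before withdrawing funds.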

January 2017. Eight months later, hackers broke into the bank’s systems once more, again gaining access to the financial institution’s systems via a phishing email.

This time not only did the intruders regain access to the bank’s STAR Network, they also managed to compromise a workstation that had access to Navigator, which is software used by National Bank to manage credits and debits to customer accounts.

Prior to executing the second heist, the hackers used the bank’s Navigator system to fraudulently credit more than $2 million to various National Bank accounts. As with the first incident, the intruders executed their heist on a weekend. Between Jan. 7 and 9, 2017, the hackers modified or removed critical security controls and withdrew the fraudulent credits using hundreds of ATMs.

All the while, the intruders used the bank’s systems to actively monitor customer accounts from which the funds were being withdrawn. At the conclusion of the 2017 heist, the hackers used their access to delete evidence of fraudulent debits from customer accounts. The bank’s total reported loss from that breach was $1,833,984.

This attack adds to the growing list of high-profile incidents that includes the University of Maryland, Equifax, Target, Home Depot, Chase, Goodwill, etc.

The costs associated with the attacks have many dimensions: reputation loss and actual monetary loss, including the costs to investigate, clean up and recover compromised or downed systems. A recent study, the Ponemon Institute's benchmark research titled the 2018 Cost of a Data Breach Study, found that the average cost of a data breach globally is $3.86 million, a 6.4 percent increase from the 2017 report. The study identified a number of factors that could materially affect the impact and cost of managing a data breach. In addition to the average cost of an incident, there are other collateral costs, including expenses associated with third parties, i.e. the cost of managing a data breach, which runs around 13% above the mean cost.

Third Party Threat Vectors

Third parties that provide services and products to organizations are increasingly becoming attack vectors. There is ample evidence that this is a common situation that is increasing by the day with the rapid adoption of computing and application services. A case in point is the HVAC issue that was a vector for the Target breach, as are the incidents at Lowe’s, Goodwill and AutoNation, which were all attributed to third-party vendors (E-DriverFile, C&K Systems and Trademotion respectively). Financial and healthcare regulators have therefore identified third-party diligence as necessary. Effective vendor security management that includes incident management makes good sense as both a preventative and a response measure, and is key to loss avoidance.

Proactively planning for breach response makes sense

Companies that have an effective breach response plan will come out faster and at less cost. In other words, the maturity of the breach response plan represents another opportunity to either increase or reduce the cost of a breach. Companies that provided quick, less coordinated announcements and response activities that did not follow a clear protocol incurred management costs of 7% above the mean, but those with a clear incident response plan reported average costs around 8.5% below the mean. Invariably, the difference in response approach either raises or lowers the costs due to an incident. In the final analysis, organizations that are proactive in planning for breaches come out better.
