18 Sep 2012

Cyber Crooks Steal Bank Employees’ Credentials for Wire Transfer Fraud


Cyber criminals are targeting bank employees to steal their credentials for wire transfer fraud, according to the FBI. Authorities discovered cyber criminals are using spam and phishing e-mails, keystroke loggers, and remote access trojans to compromise financial institutions’ networks.

“The stolen credentials were used to initiate unauthorized wire transfers overseas,” FBI representatives said. “The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actor(s) raised the wire transfer limit on the customer’s account to allow for a larger transfer.”

In some incidents, hackers used variants of ZeuS to steal login information. In other cases, they launched DDoS attacks against the companies’ websites as a distraction, which prevented the IT department from immediately identifying the fraudulent transactions. One botnet used for this scheme was Dirtjumper, a commercial kit sold for $200 on underground forums.

Cyber crooks were also able to get multiple employee or administrative credentials at once, and fool authentication measures used by financial institutions. This allowed them to handle all aspects of a wire transaction, including approval, and to browse multiple accounts to select the richest.

However, the FBI discovered the fraudsters weren’t always successful. Most failed transfers happened because they entered the account information incorrectly. Cyber criminals targeted small-to-medium-sized banks or credit unions, but also a few larger banks.