No matter how hard security companies work on improving detection and teaching employees about insider threats and risks, corporate environments are still failing to cover the most basic and common attack vector – phishing scams.
You’d definitely expect more from important institutions that operate with customer data and finances. A bank in Virginia has been hacked not once, but twice in the last eight months, after an employee was tricked into opening a targeted phishing email, writes security expert Brian Krebs. The hackers infected the employee’s computer with malware and used it to compromise a computer that could access the STAR Network used to manage customer accounts, bank cards and ATM transactions.
Hackers stole $569,000 after disabling all security, cash and card usage limits. Because the first breach happened during Memorial Day, hackers had three full days to manipulate the system and steal funds from across North America.
In the second incident, they regained access to the STAR Network and also breached a computer that could access the credit and debit accounts. Hackers credited more than $2 million to a number of accounts, using hacking methods similar to those of the first heist. A loss of $1,833,984 was reported from the two breaches.
The National Bank of Blacksburg is now taking its cybersecurity insurer to court because the insurer won’t cover all losses from the two phishing campaigns. It filed the lawsuit in the Western District of Virginia only last month, although the first hack occurred in May 2016 and the second in January 2017.