A regional Virginia bank, the National Bank of Blacksburg, following a fruitful phishing attack that compromised the entire organization’s interior networks has lost $2.4 million in a digital heist that affected the STAR ATM along with the debit network.
As per an April 2018 profit proclamation from the National Bankshares, the parent organization of the bank, National Bank’s computer system experienced two digital interruptions, in the month of May in the year 2016 as well as in January of 2017.
In the two cases, the interlopers could infiltrate an inner workstation with a phishing exertion and a weaponized Microsoft Word document. From that point onwards, the attackers installed the malware, and pivoted to a machine on the network that had access to the bank’s interface with the STAR network.
The hackers made withdrawals at several ATMs, recommending a profoundly organized exertion. National Bank employed Foregenix to examine the 2016 episode and Verizon to deal with the forensics for the 2017 break, as indicated by the claim. According to the reports, the two organizations followed the movement back to the IP addresses situated in Russia.
Leroy Terrelonge, director of intelligence and operations at Flashpoint, in an interview said that,
“Actors who target banks are primarily financially motivated, they want a large return on their investment in gaining access to the bank and performing reconnaissance. When attackers are able to establish a presence on a network through deployment of malware or using stolen credentials, they can often remain in stealth for a period of weeks or months, and they use that time to observe the activity of normal users at the bank and perform reconnaissance of the systems, processes and procedures used. ”
The bank is presently suing its insurance carrier for not covering the full extent of the damage. In the claim, it clarified that it had two sorts of coverage for the cyber issues: The Computer and Electronic Crime Rider, which covers a wide swath of odious action and misfortunes up to $8 million for every hack; and the Debit card Rider, which has a $500,000 cap for each incident.
With respect to the bank’s inner endeavors at cyber security in the wake of the hacks, National Bankshares president and CEO Brad Denardo issued a short media explanation addressing the matter:
“I would like to reassure our shareholders and our customers that we take cyber security very seriously. We have taken the necessary steps to avoid cyber intrusions of the sort we experienced in 2016 and 2017, and we continually work to monitor and prevent future threats.”