Imagine if it were possible to perform a $100 million bank heist without a drill, mask, gun or getaway car in sight.
This sort of crime is not only a very real threat, but is growing in popularity as criminals turn their attention from stealing the credentials of account holders to focus on the banks themselves.
The Annual Threat Report from Symantec highlights many instances of this type of cyber crime, with the most notorious of the past 12 months being the successful $A108 million heist from a Bangladesh Bank.
Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York using credentials of Bangladesh Central Bank employees.
The scam resulted in millions of dollars being transferred to accounts in the Philippines, Sri Lanka and other parts of Asia.
Symantec security expert Nick Savvides said the attacks were a fascinating case study in cybercrime.
“Typically, banks have good security controls so the attackers have focused on stealing from their customers,” he told news.com.au.
“This attack needed detailed knowledge of the systems and processes used inside banks, the communication methods and the monitoring systems indicating a very skilled and well-resourced crime-group.
“In these attacks, the banks rather than their customers were the targets, using the SWIFT network that banks use to transfer money between themselves.”
The Symantec report also found for the first time that nation states appear to be involved in sophisticated cyber crime.
“On analysing the tools used in the bank heists, they were found to be similar to the ones used by the Lazarus crime group the FBI has associated with North Korea,” he said.
“It’s the first time Symantec has seen a nation state turn to cybercrime for money, rather than for espionage or sabotage.
“It’s a worrying sign as government cyber teams are typically well resourced, have access to a wealth of information about their targets that comes from the other branches of their intelligence services.”
On a more personal level, email attacks are the highest they have been in five years, with one in every 121 emails containing a malicious link or attachment.
Mr Savvides said while it might seem easy to spot a nasty email, many consumers continue to fall victim to these attacks.
“The cyber-criminals wouldn’t use this method if it wasn’t successful and they are always improving the content of their emails to make them very convincing,” he said.
“For example, while many people have learned that the federal police will never send you a speeding fine by email, pretty much every Australian is buying goods online, so the fake invoice, fake delivery docket or parcel pick up emails can be very convincing.”
TIPS TO PROTECT YOURSELF
Change the default passwords on your devices and services: Use strong and unique passwords for computers, IoT devices and Wi-Fi networks. Don’t use common or easily guessable passwords such as “123456” or “password”.
Keep your operating system and software up to date: Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
Be extra careful on email: Email is one of the top infection methods. Delete any suspicious-looking email you receive, especially if they contain links and/or attachments. Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content.
Back up your files: Backing up your data is the single most effective way of combating a ransomware infection. Attackers can have leverage over their victims by encrypting their files and leaving them inaccessible. If you have backup copies, you can restore your files once the infection has been cleaned up.