Hackers hacked Virginia bank twice in eight months, 2.4M USD stolen

It’s estimated that they stole $2.4M

A group of hackers used a phishing campaign to break into a bank in Virginia on two separate occasions over an eight-month period, managing to extract a total of $2.4M. According to reports of enterprise data protection services experts from the International Institute of Cyber Security, the financial institution is suing its insurance provider for refusing to cover the losses completely.

According to a lawsuit filed last month in Virginia’s West District, the first heist took place in May 2016, after an employee of the National Bank of Blacksburg fell for a spear phishing email.

The email allowed hackers to install malware on the victim’s PC and compromise a second computer in the bank that had access to the STAR network, a system run by the financial industry giant First Data, which the bank uses to manage debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

According to the bank, thanks to this access, hackers were able to disable and tamper with anti-theft and antifraud protections, such as personal identification numbers (PIN), daily withdrawal limits, daily debit card usage limits, and protections against fraud.

After this event, National Bank hired the information security forensics firm Foregenix to investigate. The company determined that the hackers’ tools and activity seemed to come from Russian Internet addresses. In June 2016, National Bank implemented additional security protocols recommended by First Data. These protocols were implemented to help the bank identify specific types of repeat transaction patterns that occur in a short period of time.

But only eight months later, in January 2017, hackers broke into the bank’s systems once again, regaining access to the financial institution’s systems via a phishing e-mail. This time, the attackers not only regained access to the bank’s STAR network, but also managed to compromise a workstation that had access to Navigator, software used by National Bank to manage credits and debits in customer accounts.

Before executing the second heist, hackers used the bank’s Navigator system to fraudulently credit more than $2M to several National Bank accounts. As with the first incident, the hackers executed their heist on a weekend. Between January 7 and 9, hackers modified or eliminated security checks and withdrew the fraudulent credits using hundreds of ATMs.

According to enterprise data protection services experts, while the cash withdrawals were taking place, hackers used the bank’s systems to monitor the customer accounts from which funds were withdrawn. At the end of the robbery, hackers used their access to remove evidence of the fraudulent debits from customer accounts. The total loss reported by the bank for that breach was $1,833,984.

This time, Verizon was hired to investigate the attack and, according to the bank, the company’s forensic investigators concluded that the tools and servers used by the hackers were of Russian origin. The lawsuit points out that Verizon determined that the same group of hackers was probably responsible for both intrusions.

In its lawsuit, National Bank says it has an insurance policy with Everest National Insurance Company for protection against cyber crime losses. The first, against “computer and electronic crimes”, had a single limit of liability for loss of $8M, with a deductible of $125K. The second provided coverage for losses resulting directly from the use of lost, stolen or altered debit cards or counterfeit cards, as reported by experts in enterprise data protection services.