Archive

Go to:

August 2017
SMTWTFS
12345
6789101112
13141516171819
20212223242526
2728293031
< Jul Sep >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Malware Impacting Credit Unions... Again
Friday, April 22, 2016 6:25 AM

An increase in malware infections have led to large monetary losses targeting financial institutions, including credit unions. Recently, cyber thieves lifted a credit union employee's login credentials compromised via malware, logged into a card processor's system, ordered new debit cards, and removed the daily limits on those cards. 

In addition, news reports suggest that another malware targets business customers and their accounts at financial institutions with attackers able to successfully steal multi-millions in the malware heist.

Details

Malware has the ability to infect a system and steal login credentials, financial data and even capture screenshots that are distributed to attackers as a means to carry out their heist. Two recent malware strains causing havoc in the financial marketplace have been identified as Trojan:Win32/Dynamer!ac and another Trojan hybrid “GozNym” spawned from the Nymaim and Gozi ISFB malware.

Malware is often distributed in spear phishing attacks that target a select group of employees. The emails contain an infected attachment or a link to an infected website. The malware is released when an unsuspecting employee opens the infected attachment or navigates to the infected website by clicking on the link.

One malware situation involved a workstation computer belonging to the credit union’s card services employee. The malware captured the employee’s login credentials to the card processor’s system by searching through the employee’s browsing history. Using the stolen login credentials, the cyber thief logged into the card processor’s system, ordered several new debit cards and removed the daily limits on those cards. The cyber thief also changed card settings to remove international blocks so the cards could be used outside of the U.S.

The latest reports suggest that Trojan GozNym targeted 22 websites that belong to banks, credit unions, and e-commerce platforms based in the U.S., and two that belong to financial institutions from Canada. Business banking services appear to be a top target for the Malware creators, according to the IBM researchers.

Remember… cyber thieves continue to target the weakest link at organizations—most often, the employees. Don’t just think it is front-line staff though; these criminals often hit the jackpot when the malware compromises credentials of key administrators. This allows them to move about the network and access sensitive data without being noticed.

Risk Mitigation

Defenses credit unions can take to defend against malware and spear phishing attacks include:

  • Deploy a spam/email filter capable of detecting malicious attachments/links to malicious websites;
  • Use a web filter capable of detecting malicious websites;
  • Maintain an up-to-date antivirus/antimalware solution;
  • Update your operating system whenever security patches are available;
  • Block access to personal email accounts;
  • Monitor all network traffic including inbound, outbound and internal traffic; and
  • Conduct frequent security awareness training, including social engineering, for all employees.

To help mitigate attacks that impact your card program, be sure to:

  • Use all of the card processor’s security tools offered for accessing the processor’s system (e.g., IP address restrictions, strong multifactor authentication method, etc.);
  • Monitor the new cards issued report to ensure cards have been properly authorized; and
  • Review card maintenance reports for unusual items, such as changes to daily spending limits.

Risk Prevention Resources

Access CUNA Mutual Group’s Protection Resource Center at cunamutual.com for exclusive Risk Management resources to assist with your loss control needs. The Protection Resource Center requires a User ID and password. Or contact your CUNA Mutual Group Risk Management Consultant at 800-637-2676, or use Ask a Risk Manager for additional risk insights and assistance.

CUNA Mutual Group is an approved five-star business partner of Credit Union Resources, Inc., which is a wholly owned subsidiary of Cornerstone Credit Union League. For more information about Credit Union Resources, please visit curesources.coop.