Remote banking service system (NBA) has always been attractive to fraudsters goal - Kaspersky Lab regularly researching similar systems related incidents. Specialists of the company, with the help of an example of one such case, decided to describe the implementation of an attack mechanism.
Typically, the bank's IT infrastructure is well protected, and cyber criminals trying to take over the NBA system from the client side, but their main purpose is becoming accountants with the necessary data and access rights to the NBA system. In case of success imposter gets the ability to manage all of the company's funds. Usually, the victims of the attack becomes the last - of the debiting of accounts of the company.
Today, however, many company managers believe that such incidents will not happen to them - after all, they have a specific banking software, which requires a password and a special key to access the NBA system and the IP address of the originator bank was checked.
By studying one of these attacks, Kaspersky Lab specialists affected the company's accountant discovered a legitimate computer program Remote Manipulator System. Detected version of the program has been modified - it allowed Con artists not only to manage the computer remotely, but also to download it other malicious software. It turned out that the imposter applied social engineering techniques. Accounting Department of Revenue on behalf of the alleged letter sent urgently called to process the message. Launched letter, program immediately infected computer.
Upon receipt of a complete and humble accountant, computer controls, criminals Adding a keyboard clicks Registration Programme (. Keylogger) to know the access password to the NBA system. Con artists left is then formed and the system to execute a payment message on behalf of an accountant - the key and the sender's IP address was legitimate.
Interestingly, that the situation was very quickly impostors, and all his plans fulfilled within four days. The first three were for preparation and active actions directly related to the theft of money were made within a few hours of the fourth day.
"The steady increase in the number of cases like hacking shows that the straightforward protection of the NBA system is not enough. Unfortunately, not all leaders understand this. Without knowing the tricks fraudsters similar, it appears that the electronic key and an IP address from the bank checking mechanism ensures reliable protection. But forget the human factor - the only one with the help of social engineering to trick criminals accountant gets full control of the computer. That is why leaders should understand that the company's IT security policy governing security solutions, it is impossible without rules and guidance staff and incident response regulation, "- commented Mikhail Prochorenko, Kaspersky Lab anti-virus expert.
Details on the company's computer infection mechanisms and obtaining access to the account can be read in this article.
