2019 marks the 25th anniversary of the very first cyber-heist, netting one of the first cybercriminals $10 million from Citibank. The tactics have changed, but the target hasn’t.
1994 was a vastly different time for banking, computers, and the Internet. Dial-up banking was on the cutting edge, ATMs were just starting to take shape into something that resembles a predecessor to today's machines, and even many of the largest brands in the world had no Internet presence yet.
But, despite the state of technical infancy (in comparison to today), somehow hacker Vladimir Levin and several accomplices used social engineering to convince Citibank to access $10 million from several large corporations and wire it to him. Most of the money was eventually recovered, with Levin and his accomplices arrested.
Today, we see countless stories of banks being targeted with social engineering scams, the modifying of bank listings in Google Maps, and all-out attacks designed to penetrate banking networks. It’s no coincidence – the banks are where the money is.
So, what can banks learn from attacks – both Levin’s and those of today?
- Banking is Still a Target – cybercriminals are looking for specific businesses, specific transaction types, and specific individuals where money changes hands. It’s one of the most profitable schemes. Banking is the obvious choice for achieving the greatest return with the smallest amount of effort.
- Protect the Money – Seems simple enough, but it’s true. If banks focus on protecting the intersection of the money they hold, the users that can process it, and the ways by which those users interact with the outside (read: customers, partners, contractors, email, and web), they will achieve far more success in thwarting attacks. Solutions that protect the endpoint, scan email attachments and links, and protect user interactions with the web are all critical aspects of a security strategy.
- Social Engineering is Key – Whether a phone call, phishing email containing malware, or malware-less email, users at banks need to be conned into taking action (clicking on a link or attachment, changing routing information, etc.). Social engineering has always been at the core of most successful attacks. Security Awareness Training, as part of creating an overall security culture within the banking organization, is key to elevating users’ sense of security with each interaction involving money.
- Attacks Will Only Increase – In 1994, there was a single newsworthy attack. Today there are more and more stories every day about banks, mortgage companies, accounts payable departments – anyone that handles money – that are targets of cybercrime. Expect the frequency, creativity, and audacity of attacks to continue to rise.