Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Well-Known Cybercrime Group Continues Attacks on Banks

    cobaltThe notorious criminal group Cobalt—aka Carnanak—impersonates vendors or partners to gain access to bank networks, with each successful attack taking in as much as €10 Million.
     

    The Cobalt gang is thought to be responsible for attacks on banks in 40 countries, costing over €1 Billion in damages. In their latest attack, phishing emails are once again used to trick users into clicking on malicious attachments or links. Impersonating businesses relevant to the banks – including one email campaign appearing to come from SEPA Europe (Single Euro Payments Area) with information about expanded coverage – users are unknowingly allowing malware infections, giving Cobalt a foothold.

    Once they have access Cobalt can move laterally within the bank’s network, looking for systems they can compromise for financial gain. Take the example of The National Bank of Blacksburg, in Virginia – attackers were able to compromise security controls, allowing debit card transactions that wiped out accounts.

    Banks continue to be a major target of cybercrime, with the potential payoff being far greater than stealing data or holding it for ransom.

    And, yet, right in the middle of nearly every one of these attacks is the very requirement for a user to be fooled into becoming an unwitting participant. Cybercriminals find it much easier to use social engineering and simply ask someone to open the door (by means of tricking them into clicking a link or opening an attachment) than to try to hack their way in.

    Putting it another way, Cobalt is only successful because bank employees allow them to be.

    Users at banks and any organization concerned about the potential risk an attack poses should consider enhancing their security where it’s weakest. In light of the many, many stories of successful Cobalt attacks, your weakest link is the user.

    Users that participate in ongoing Security Awareness Training have an elevated sense of maintaining security, scrutinizing each and every email, link, and attachment received. So rather than simply hoping your security solutions will catch spam, spoofed emails, malware, and malicious links, your organization can ensure a heightened level of security that includes the user as part of a multi-level defense-in-depth approach.

    Free Phishing Security Test

    91% of successful data breaches started with a spear phishing attack

    Would your employees click on malicious links and/or attachments in phishing emails? We help you train your employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our free test. 

    Get Your Free PST Now

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

     

    Return To KnowBe4 Security Blog

    Topics: Cybercrime

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews