The Financial Services Information Sharing and Analysis Center (FS-ISAC) recently alerted its members that Russian and Eastern European cyber-criminals are stealing millions of dollars from small to mid-sized businesses through online bank fraud.
According to the Washington Post, the group of cyber-criminals is using security vulnerabilities in Microsoft’s Windows operating system to install logging software to capture usernames and passwords for online banking and brokerage accounts. The attackers use the account access to wire large sums of money out of victim’s accounts into accounts overseas.
A school district in Pittsburg had $700,000 transferred out of their accounts and had to file a lawsuit to get the money back. In May, a company in Texas had $1.2 million stolen out of their account and transferred overseas. Also in May, an electronics testing firm had over $100,000 transferred out of their accounts and sent overseas.
Although these attacks are happening at a much greater rate, many companies that have been victimized have been hesitant to come forward about the loss out of fear of retribution by their bank. Others are afraid of negative publicity they might receive from the press, which would cause customers to think twice before handing over a credit card to their business.
Since most of the countries that these criminals are operating out of the realm of US authorities, it will be unlikely that the cyber criminals be apprehended.
