Social Engineering the $100M Bangladeshi Bank Fraud
Security breaches based either wholly or partly on social engineering are one of the top trends for 2016. Hackers recently stole more than $100 million from Bangladesh’s account at the Federal Reserve Bank of New York by utilizing social engineering as part of their sophisticated plan to transfer funds from the Federal Reserve Bank to several illicit accounts in the Philippines and Sri Lanka.
The hackers had been remotely monitoring activity at Bangladesh’s central bank for several weeks, using previously installed malware, in order to learn the bank’s internal processes and to figure out who the trusted contacts were at the bank. This allowed them to spoof the correct details for the fraudulent funds transfer messages sent to the Federal Reserve. The hackers were “banking” on the fact that a properly formatted message, sent from a “trusted” individual, would be accepted by the Federal Reserve bank regardless of the amount of the transfer or the location of the bank accounts. This exploitation of “trust” is a hallmark of a socially engineered security attack.
But what could have been the perfect crime was brought down by a simple spelling mistake. The hackers misspelled "Foundation" in their request to transfer the funds, spelling the word as "Fundation". This spelling error caused suspicion from Deutsche Bank, a routing bank, which put a halt to the transaction in question after seeking clarifications from the Bangladesh Bank.
In the popular TV show, Mr. Robot, the main character, Elliot Anderson, the leader of the hacker group fSociety, really nails the main tenant of social engineering when he states: “People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like neon signs over their heads.”
We did a 30-minute webinar on the endpoint security exploits featured on the TV program Mr. Robot and how they can be thwarted with DeviceLock. You can view the webinar here: https://www.youtube.com/watch?v=jQmx_cJmDsk
The unfortunate fact is that most of the data breaches that happen in an organization are the result of accidents or inadvertent actions by trusted employees. In the Bangladeshi incident, a trusted employee at the Federal Reserve also trusted the sender of the funds transfer messages in order to perpetrate the fraud. So even in the most security intensive environments, such as banking and finance, you need to protect your people from themselves.
Technologies like DeviceLock’s data leak prevention (DLP) solution play an important role in helping organization guard against socially engineered attacks and the exploitation or manipulation of human nature to initiate security breaches. By managing the specific devices that can be used on a computer, and the types of files that can be accessed on removable media, DeviceLock helps reduce the chance that endpoints can execute malicious code which could later be used to launch an unauthorized data egress breach.
DeviceLock’s content and context level controls are highly configurable and enable you to block or filter both “data-in-use” and “data-in-motion” to provide an even deeper level of protection in order to prevent restricted data from leaving your organization. Our Discovery module lets you gain visibility and control over sensitive “data-at-rest” stored across your entire network environment to proactively prevent potential data breaches.
Socially engineered attacks on trusted insiders will surely increase in the future, since organizations have already tightened their perimeter defences and hackers are always looking for new ways to get in. The risk of a data breach happening accidently or inadvertently by a trusted employee is a huge concern and one that DeviceLock’s DLP solution is ideally suited to stop.
If you'd like to learn more about DeviceLock, please call us at 925-231-4400 or email us.sales (at) devicelock.com and talk to one of our endpoint security specialists. You can also trial the DeviceLock DLP suite for 30 days by visiting our website at: http://www.devicelock.com/download