Connecticut Office CALL US AT (203)-295-5050 | New York Office (646)-693-1950
Home - Article

Featured Article

March 15, 2019

Phishing Was Likely Responsible For this $20M Bank Heist


In 2018 a North Korean state-sponsored hacking group stole roughly $15-$20 million from Mexican banks says Josi Loza who presented his findings at the RSA Conference.

According to Wired:

Loza emphasizes that while the attacks likely required extensive expertise and planning over months, or even years, they were enabled by sloppy and insecure network architecture within the Mexican financial system and security oversights in SPEI, Mexico's domestic money transfer platform run by central bank Banco de México, also known as Banxico.

Easy Pickings

Thanks to security holes in the targeted bank systems, attackers could have accessed internal servers from the public internet or launched phishing attacks to compromise executives—or even regular employees—to gain a foothold. Many networks didn't have strong access controls, so hackers could get a lot of mileage out of compromised employee credentials. The networks also weren't well segmented, meaning intruders could use that initial access to penetrate deep into banks' connections to SPEI and, eventually, SPEI's transaction servers, or even its underlying code base.

The worst part about these attacks is information was not encrypted at rest, allowing attackers access to transaction data once they breached the network.

Hackers are getting more sophisticated and companies are not taking the necessary precautions to protect themselves from attacks.

Other important information to be aware of is the U.S. is the largest hacker target and the cybersecurity threat to business is worse than ever.

Hackers in fact, are reinvesting – spending 10 times more than enterprises to control, disrupt and steal!

Every company is a potential target and should use a phishing simulation tool which tests employees by sending safe phishing emails. When employees click, they are then presented with educational material which helps them learn what to avoid.

One alternative, Phish360 is so effective, it has achieved almost 100% click rate when used in various organizations.

The good news is the workers who click, can be quickly trained on what to avoid in the future.

Here are other areas all organizations looking to promote a cybersecurity culture need to focus on:

  1. Cybersecurity training must be done regularly.
  2. Auditing and documentation must be performed regularly to ensure systems are secure.
  3. Anomaly detection should be running constantly to detect threats as they emerge.
  4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
  5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
  6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services



Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!