How Big Banks Are Used in Small Banks’ Business Cyberheists

Posted
Home / Blog / IT security news / How Big Banks Are Used in Small Banks’ Business Cyberheists
How Big Banks Are Used in Small Banks’ Business Cyberheists

A cyberheist of $170,000 recently on an Illinois nursing home is yet another one of the increasing numerous crimes by cybercriminals. It shows how conglomerate financial institutions are being used to attack the small regional banks and credit unions whose security weaknesses are all too obvious.

There are close to a 100 organizations of varying sizes that have been victims of cyberheists in the recent years. Unsurprisingly, a certain trend and theme can be pointed out in a number of these attacks.

  • Many an organizations targeted by criminals put their money in moderately small banks.
  • Most of the mules used to launder the stolen funds are using top big five U.S banks. The mules do this either unwittingly or knowingly.

On Dec 17th, 2012 cybercriminals carried out an attack on Nile Nursing Inc. They accessed the nursing home’s bank accounts using the company’s controller’s computer and his login details. As it happens, this case is just one of the many common methods used by criminals. The reprobates started by including an additional 11 mules into the payroll of the victim organization. They then sent more than $58,000 through illegitimate automated clearing house (ACH). They asked the mules to withdraw the funds in cash and thereafter transfer it onward to Russia and Ukraine.

The crooks used the controller’s PC to perpetrate their crime. An additional 11 employees spread across five states by the company didn’t strike the bank as suspicious. According to Nile nursing home’s bank, Optimum Bank which is based in Ft. Lauderdale, Fla, the hackers used genuine credentials to log in and create the extra 11 accounts. For the following 2 days, the criminals managed to carry out two transfers. On the 19th, the bank discovered the breach and blocked a supposed third transfer.

In order to perpetrate their illegal audacious attack, the criminals are suspected to have recruited at least two dozen mules. Each and every mule, save for two, opened an account at four of the five largest banks in the US. Some of the big banks included Chase, Citibank, Bank of America and Wells Fargo. These large banks house thousands if not millions of retail banking accounts in America. In interviews conducted with a number of mules, the mules had been instructed by the hackers to open an account in the said big banks if they did not have any already.