The cybercriminals used malware to gain access to passwords and other sensitive data

Mar 25, 2013 13:38 GMT

The Slovenian national Computer Emergency Response Team (SI-CERT) reveals that five Slovenians have been arrested on suspicion of stealing almost 2 million EUR ($2.6 million) from small and medium-sized companies.

The funds were transferred with the aid of 25 money mules recruited via a work-from-home scheme that leveraged the name of a non-existent British insurance company.

According to SI-CERT, the suspects used pieces of malware to breach their victims’ systems and gain access to their bank accounts.

The crooks delivered the malware via bogus emails sent to the accounting departments of the targeted companies. The notifications, apparently coming from a local bank or the state tax authority, informed recipients about a late payment.

Once the malware was installed, it started harvesting passwords and installed additional components such as Remote Access Trojans (RATs). When the victims failed to remove the smart cards containing the bank-issued certificates, the attackers were able to gain access to their bank accounts and transfer funds.

To avoid being detected, the attacks usually took place on Fridays or one day before national holidays.