A group of cybercriminals has managed to steal $180,000 (140,000 EUR) from the bank accounts of Primary Systems Inc. – a communications and safety solutions provider – in just one go. They accomplished the task with the aid of a cleverly planted piece of malware.According to security journalist Brian Krebs, the crooks played it by the book, but the small company and the financial institution that handled its finances could have done a lot to prevent the incident from happening.
The intrusion, which occurred in May 2012, started with a cleverly designed email sent to one of the company’s employees. The fake notification allowed the hackers to open a backdoor on the firm’s networks.
A few days later, the company’s payroll manager noticed that the amount of $180,000 (140,000 EUR) was leaked from their own accounts to the ones owned by 26 individuals located throughout the United States.
Each of these money mules was given between $5,000 (4,000 EUR) and $9,000 (70,000 EUR), then being instructed to forward the funds to Ukraine.
Initially, Primary Systems’ chief financial officer believed that it was a bank error, but the financial institution – Enterprise Bank & Trust – confirmed that it had authorized the payroll batch.
Such incidents have started to occur more often in the past period and they should act as a wake-up call for many organizations, since it’s clear that the effects of cybercriminal campaigns can be devastating, especially for small businesses.
There are several lessons that can be learned from this incident. One of them is that the crooks rarely get it wrong. Their every move is almost perfectly thought out not only to ensure that they can steal the money, but also to make sure that they can get away with it.
In this particular case, the fraudsters stole only $180,000 (140,000 EUR) because they were aware of the fact that the bank wouldn’t have allowed transfers that exceeded $200,000 (156,000 EUR) without confirming it with the company.
On the other hand, the bank and the company have made a lot of mistakes. First of all, the firm should have educated its employees better on the risks posed by malware and other cybercriminal schemes.
More effective security solutions should have been set in place. Experts have often warned organizations not to perform sensitive operations from computers that are utilized for common tasks such as reading email.
Furthermore, they could have signed up for Enterprise Bank & Trust’s Positive Pay service, which allows the company to share its check register with the bank. The system ensures that no checks are paid unless they’re listed in the register.
Enterprise Bank & Trust also shares part of the blame, as it could have raised some questions about the “payroll” transfer, especially since it was processed on a different day than the one on which the company usually performed such transactions.
Moreover, the fact that 26 new employees from all over the US were added to Primary’s payroll in one night should have been suspicious, to say the least.