The recent $63,000 hack of a Kansas car dealership highlights a dangerous vulnerability companies sometimes face when balancing their books online.
On Nov. 1, 2010, the controller for Abilene, Kan.-based Green Ford Sales, Inc. submitted $51,970 in payroll checks to First Bank Kansas through the bank’s online banking website, according to the blog Krebs on Security.
The bank’s authentication program sent the company's controller an e-mail to confirm and approve the transaction details, which he did. Unbeknownst to the controller, however, cybercriminals had infected his Windows PC with the infamous Zeus Trojan, a piece of malware engineered to aid criminals in hijacking online banking information.
With total access to the company’s online finances, the crooks were able to siphon $63,000, and even intercept the bank’s confirmation e-mail so the controller had no idea any illicit transaction took place.
Green Ford recovered $41,000, and although the company has since changed its security procedures, Krebs said that as long as PC viruses exist, online banking sessions will continue to be high-priced targets for cybercriminals.
“If a bank’s system of authenticating a transaction depends solely on the customer’s PC being infection-free, then that system is trivially vulnerable to compromise in the face of today’s more stealthy banking Trojans,” Krebs wrote.
One such advanced method of theft is known as “session riding,” in which crooks uses malware – including the recently discovered "OddJob" -- to intercept a bank’s authentication ID and gain complete access to customers’ online banking sessions after the customer has logged out.
- ‘OddJob’ Trojan Lets Bad Guys Sneak into Your Bank Account
- Hear That? It’s Your Bank PIN Being Stolen
- Security and Privacy Software Review
