Spearphishing Attacks | Cybercrime | Ohio CPA Firm | Rea CPA

Don’t Take The Bait


Cybercrime continues to be an issue that’s front and center for business leaders and public officials across the country.

In November, officials for the City of El Paso discovered that electronic payments made to vendors totaling $3.2 million were misdirected into fraudulent accounts. And, as 2016 drew to a close, an electric company in Vermont found malware code linked to Russian hackers on one of its laptops.


As we dive into a new year, it’s likely that we will continue to see an uptick in cybercrime. And while we all want to know exactly how these fraudsters were able to hack the databases of these large-scale entities, the ongoing nature of these investigations makes it unlikely that we will hear many of the specific details any time soon.

However, we do know that most cybercrime originates from Eastern Europe, specifically the territory formerly known as the Soviet Union. In fact, a Joint Analysis Report issued on Dec. 29, 2016, by the Department of Homeland Security and the FBI notes that criminals from this area of the world regularly carry out cyber operations that have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, leading to the theft of data or Intellectual Property (IP). Spearphishing occurs when a fraudster is able to gain access to your network after conducting an investigation to reveal information specific to your business, government entity or nonprofit organization in order to develop a working knowledge of your organization. These campaigns have resulted in more than 90 percent of the reported instances of Ransomware and CEO Fraud.

Your Out Of Office Is A Green Light To Cybercriminals

In El Paso, it’s likely that a government official received an email from a fraudster who had taken time to get to know the entity and/or the vendor in question. From there, a single click on a fraudulent email was all it took to set the scam in motion.

The “Nigerian Prince” emails aren’t the only ones to be concerned about. It’s getting harder and harder to tell the difference between emails sent by a legitimate sender and those fabricated by a cybercriminal. Hackers are also being careful to strike at just the right time – oftentimes after learning, per an out-of-office notification, that the primary person responsible for financial transactions is off on vacation, sick leave or maternity leave. Their hope is that the person filling in is more likely to take the bait.

Data Security Is Everybody’s Job

With regard to the malware discovery in Vermont, a spokesperson with Burlington Electric, the company at the center of the investigation, said that the malware-infected laptop was not connected to its grid systems. And, upon learning of the breach, the municipally-owned utility company acted fast to isolate the laptop and alert federal officials. Steps are also being taken to “trace this malware and prevent any other attempts to infiltrate utility systems.”

If you ever discover that your network has been infiltrated, contact the FBI immediately. As the primary responder for all cyber events in the U.S., the agency will send in their Computer Analysis Response Team to manage the breach. You can read this article to learn more about their process.

This is particularly true when your finances are in jeopardy. Every request that involves a transfer or a change to set payments should be verified by contacting the person requesting the change at a known phone number.

We have quite a few helpful resources and best practices available on our website. You can also check out Rea’s YouTube page to watch a video of a recent presentation we conducted with The Bonadio Group on this very topic. You can also send me an email if you have additional questions.

By Travis Strong, CISA (Wooster, OH)