Connect with us

Technology

How Visa can protect your business from cybercriminals

Published

on

 

Someone walks up to an ATM and punches in a request for a $5,000 withdrawal. Even though there’s only $50 in the account, the ATM immediately spits out a mountain of crisp $20 bills.

How does this happen?

Blame the “Man in the Middle,” one of the latest and more clever criminal methods affecting financial institutions today. Penny Lane, head of Visa’s Payment Fraud Disruption program, explained how “Man in the Middle” attacks are pulled off to attendees at Visa’s recent Security Summit in San Francisco.

In the past, criminal gangs would typically steal from ATMs by sending a team — known as “cash-out crews” — to several bank branches at once. They’d use stolen debit cards and PINs to grab funds.

In the new attacks, criminals gain access to the banking system and install software that intercepts communications between the ATM and the bank’s “payment switch.” This is the mechanism that approves or denies transactions.

“Once the criminal’s software is in place,” Lane says, “they take over control of the bank’s network and can approve anything they want.”

Criminals no longer need stolen debit cards. They don’t need legitimate PINs. They also don’t leave a log record, which makes the crime more difficult to investigate.

A new era of attacks

Like many developments in financial fraud, these ATM cashout attacks — referred to as FASTCash — were the invention of Lazarus, a cybercrime group linked to the North Korean government.

Nation states have long tried to steal secrets from other governments. Over the past 18 months, Lazarus has ushered in an era where nation states use their military-grade cyber expertise for financial gain.

For example, Lane says Lazarus was also behind new financially-motivated phishing schemes — attempts to gather a person’s passwords or other sensitive information.

By now, most employees have been trained to be wary of suspicious-looking email and not click on attachments. But Lazarus is not using obvious phishing techniques. In one case, the Lazarus group identified a bank employee whose credentials they wanted to steal and specifically targeted the employee with a robust social-engineering strategy.

They posed as headhunters and even arranged to conduct a Skype interview with him. This elaborate ploy put him at such ease that the employee filled out an application form called “application.pdf.exe,” which normally he would have noticed as a software program.

“The bank employee filled out the form on his home computer, but the criminals wanted to infiltrate his work network,” Lane says. “So they called him at work the next day and told him his file had been corrupted and he needed to fill out a new form immediately. He did.”

Lane’s presentation also featured a 2019 incident that may signal another type of attack. A bank had a power outage and “failed over,” or switched, to a secondary data center. The backup center did not have the same stringent security as the primary data center.

Within 30 minutes, the bank experienced ATM and point-of-sale fraud. It’s unclear whether criminals caused the power failure or were monitoring the bank so closely that they could leap on an opportunity. “I don’t believe in coincidences,” Lane says.

Better defense against new threats

Margaret Reid at the Visa Security Summit
Visa

Margaret Reid, a senior vice president at Visa, says it’s important for everyone to understand the newest threats and the best ways to combat them.

This includes straightforward procedures like making sure someone at a company is available to answer phone calls from Visa while they are dealing with an intrusion. Criminals count on companies overlooking such basics in the scramble to address an attack.

Visa also released a number of new capabilities, like technology that determines if an e-commerce site has been affected with malware that steals payment information after a visitor makes a purchase.

“We’re in the middle of all this, and we see so much more than any individual endpoint,” Reid says. “We’re not just sitting back, but we’re looking for ways to mitigate the worst of the attacks and even prevent them.”

Find out more about how Visa can protect your business from cybercriminals.

This post was created by Insider Studios with Visa.

Continue Reading
Advertisement Find your dream job

Trending