$1 Million Theft from U of Virginia; Business Losses Up to $1 Billion from Cyber Thieves

Cyber crooks stole nearly $1 million from a satellite campus of The University of Virginia (UVA) last week. The attackers stole the money from The University of Virginia’s College at Wise, a 4-year public liberal arts college located in Wise, Virginia. According to sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal online banking credentials for university accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story. Sources said the FBI is investigating and has possession of the hard drive from the controller’s PC. A spokeswoman at FBI headquarters in Washington, D.C. said that as a matter of policy the FBI does not confirm or deny the existence of investigations. The attack on UVA Wise is the latest in a string of online bank heists targeting businesses, schools, towns and nonprofits. Last week, cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa. Criminals who bilk businesses’ online banking accounts have gotten bolder and greedier in their heists over the past year, which could ultimately result in some $1 billion in losses for U.S. companies in 2010. So said the chairman of the Anti-Phishing Working Group and CEO of IronKey: “Trend-wise, we’ve been looking at reports of losses since the beginning of last year at $100,000 per incident, and as we got to the latter of last year, we saw losses in the $400,000 to $500,000 range, and now we’re seeing losses in the [millions range],” he said. “The majority of successful heists in cybercrime seem to be against smaller companies that tend to bank with small to midsized banks or credit unions. These banks don’t have the security expertise that top banks [do] — they have the IT guy, whose also responsible for security,” he said. “And many are outsourcing their banking systems to third parties, so they don’t have a front-line security posture.” A vice president and distinguished analyst at Gartner said $1 billion in losses from ebanking fraud for small to-midsize businesses (SMBs) is possible for this year, but that figure may be more applicable to losses over the past year and a half. It is difficult to put hard numbers on ebanking losses to SMBs and banks, she said.

Comments? Tweet Security Magazine at http://twitter.com/securitymag