$1 Million Theft from U of Virginia; Business Losses Up to $1 Billion from Cyber Thieves
Cyber
crooks stole nearly $1 million from a satellite campus of The University of
Virginia (UVA) last week. The attackers stole the money from The University of
Virginia’s College at Wise, a 4-year public liberal arts college located in
Wise, Virginia. According to sources familiar with the case, thieves stole the
funds after compromising a computer belonging to the university’s comptroller.
The attackers used a computer virus to steal online banking credentials for
university accounts at BB&T Bank, and initiated a single fraudulent wire
transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T
declined to comment for this story. Sources said the FBI is investigating and
has possession of the hard drive from the controller’s PC. A spokeswoman at FBI
headquarters in Washington, D.C. said that as a matter of policy the FBI does
not confirm or deny the existence of investigations. The attack on UVA Wise is
the latest in a string of online bank heists targeting businesses, schools,
towns and nonprofits. Last week, cyber thieves stole more than $600,000 from
the Catholic Diocese of Des Moines, Iowa. Criminals who bilk businesses’ online
banking accounts have gotten bolder and greedier in their heists over the past
year, which could ultimately result in some $1 billion in losses for U.S.
companies in 2010. So said the chairman of the Anti-Phishing Working Group and
CEO of IronKey: “Trend-wise, we’ve been looking at reports of losses since the
beginning of last year at $100,000 per incident, and as we got to the latter of
last year, we saw losses in the $400,000 to $500,000 range, and now we’re seeing
losses in the [millions range],” he said. “The majority of successful heists in
cybercrime seem to be against smaller companies that tend to bank with small to
midsized banks or credit unions. These banks don’t have the security expertise
that top banks [do] — they have the IT guy, whose also responsible for
security,” he said. “And many are outsourcing their banking systems to third
parties, so they don’t have a front-line security posture.” A vice president
and distinguished analyst at Gartner said $1 billion in losses from ebanking
fraud for small to-midsize businesses (SMBs) is possible for this year, but
that figure may be more applicable to losses over the past year and a half. It
is difficult to put hard numbers on ebanking losses to SMBs and banks, she
said.
Comments?
Tweet Security Magazine at http://twitter.com/securitymag