Security Fix: More Business Banking Victims Speak Out
Brian Krebs writes on Security Fix:
Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I've heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs.More here.
David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country.
"Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount," Johnston said. "What we're looking at really is the bank robber of 2009. They don't use a gun, they have lots of helpers, their [profits] are huge, and the likelihood anyone will catch them seems to be extremely slim."
It's not certain what malicious software was responsible for the stolen credentials, but the attack bears similarities to methods used in the $415,000 fraud perpetrated against Bullitt County, Ky. in July, which involved a notorious strain of data-stealing malware called "Zeus," or "Zbot."