Go to listing page

Cybercriminals hacked the National Bank of Blacksburg twice in 8 months

Cybercriminals hacked the National Bank of Blacksburg twice in 8 months
  • The two attacks saw cybercriminals steal over $2.4 million.
  • Hackers used phishing emails to target an employee of the bank and gain access to the bank’s network.

Hackers stole over $2.4 million from the National Bank of Blacksburg in two separate cyber intrusions that were carried out using phishing email, in a span of eight-month period.

Following the loss incurred due to these breaches, the Virginia bank requested for a full recovery from its insurance provider, Everest National Insurance. However the bank was denied restitution.

The National Bank has since filed a lawsuit against the Everest National. According to the lawsuit, which was filed last month, the bank said that it had a policy with the insurance company which provided insurance to computers & electronic devices in the event of any cybercrime. The policy also covered insurance for the losses which were directly incurred by the stolen or altered debit card or counterfeit cards.

In both breaches, the hackers took the advantage of both the elements -- the bank’s computers and customers’ debit cards -- to steal over $2 million.

Modus operandi

The first heist took place on May 28, 2016, after an employee at the National Bank of Blacksburg fell victim to a phishing email. This email allowed the cybercriminals to install malware on the victim’s PC and to hijack a second computer which had access to the STAR Network.

This is a system that the bank leverages to handle users’ debit card transactions. The second computer even had the ability to manage customers' accounts and their use of ATMs and bank cards.

After gaining access to the bank’s networks, the hackers were able to manipulate and alter users’ 4-digit personal identification numbers (PINs), control the withdrawal limits and daily debit card usage limits. The attackers also used ATMs across North America to steal funds from customer accounts, making away with around $569,000.

Second breach

Following the 2016 breach, the National Bank hired Foregenix, a cybersecurity forensic firm, to investigate the matter. In June 2016, the bank implemented additional security protocols known as ‘Velocity Rules’ to mitigate such cybercrime attempts.

However, the implemented security solutions turned out to be ineffective when a second heist took place just eight months after the first. In January 2017, hackers once again broke into the bank’s system using the same old phishing email tactic.

This time the intruders had not only gained access to the STAR Network but, had also managed to compromise a workstation that was connected to Navigator - a software used by the bank to monitor debits and credits in a customer’s account.

Access to the Navigator allowed the attackers to actively monitor customer accounts and even delete access to fraudulent debits. The bank reportedly lost a sum of $1,833,894 in the second breach. Verizon was hired to investigate the 2017 attack.

In response to the bank’s allegation, Everest released a report on July 20, claiming that the bank has not properly characterized the terms of its coverage on the basis of which the insurance company can take a decision. However, the National Bank continues to stand firm on its explanation and awaits for the final decision on the financial recovery that was lost in two breaches.

It is still unknown if the attacks were the work of an organized cybercrime group such as Lazarus, which has attacked several financial institutions across the globe over the past few years. The attacks are an indication that financial institutions must take a more proactive approach to defending themselves against attacks.

Cyware Publisher