Financial institutions are one of the major targets of Business Process Compromise (BPC) attacks, as seen in the 2016 Bangladesh Bank incident in which $81 million was stolen during a sophisticated attack by abusing the bank’s internal processes. In another recent incident, another BPC attack targeted banks across multiple post-Soviet states, with losses totaling roughly $40 million.
BPC attacks involve manipulation of a legitimate internal process. In these latest attacks, the attackers combined real-life fraud with cyberattacks to pull off the heist. The first part involved the abuse of the Overdraft Limit (OD), which refers to the amount that debit card users can access beyond what is actually contained in their account. In this scenario, attackers sent various individuals to sign up for bank accounts with debit cards. The debit cards were then forwarded to the perpetrators, who were located in various countries throughout Europe.
The attackers also used a phishing campaign to target bank employees, aiming to install malware (Detected by Trend Micro as TROJ_MBRWIPE.B) on their systems. This malware gives attackers a backdoor into the bank’s network and systems. Once inside, the attackers will then use the banks’ VPN credentials to gain access to the network of third-party payment processing providers, after which they will drop various malware, including a monitoring tool that allows access to infrastructure that controls card management. Additional software, the legitimate monitoring tool Mipko, was also installed to capture screenshots and keystrokes, among others.
The sophisticated planning and implementation of the heist make it a perfect example of how a BPC attack works. These attacks are a growing problem for organizations, as information from 2013 to 2015 shows that organizations have lost at least $3.1 billion to BPC attacks—a number that is likely much higher today.
All organizations from large banks to SMBs are potentially vulnerable to BPC attacks. However, there are ways to prevent or minimize the impact of BPC attacks:
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.