Phishers Compromise College's Banking Info and Steal Over $800K


Fraudsters recently used a phishing attack to steal over $800,000 from a community college located in Massachusetts.

Cape Cod Community College President John Cox sent out an email on 7 December in which he revealed that phishers had targeted the educational institution a week prior.

In the attack, someone opened up a suspicious email that appeared to originate from another college. The recipient didn’t have any suspicions about the email at first, reported , so they clicked on the attachment. Upon noticing something suspicious in the attached file, the individual followed college protocols and forwarded the email to IT. Their analysis uncovered malware hidden in the attachment, so they decided to quarantine the threat.

But by then it was too late. Cox told Cape Cod Times that the analyzed malware sample was polymorphic in nature and had “the ability to replicate.” IT suspects it’s these capabilities that enabled the malware to evade detection by the college’s anti-virus solutions and to ultimately infect several computers in the Nickerson Administration Building.

At that point in time, the malware went after the College’s financial transactions. Cox explained that the malware did this by creating a fake website impersonating the educational institution’s bank. The digital attackers used this resource to try and approve 12 fraudulent money transfers. Nine of those attempts were successful, earning the digital attackers $807,130 in funds stolen from the College.

It didn’t take long for Cape Cod Community College to figure out what had happened. Upon discovering the malware infection, the educational institution’s IT department first and foremost worked to determine what information the attack might have compromised. Their analysis found that the incident had not exposed any personally identifiable information or student/employee records. It also determined that payroll and other financial services were still secure.

At that point, IT began to replace all infected hard drives and roll out new endpoint protection software. Cox said that the College intends to roll out digital security training for all faculty, staff and students in the near future, as well.

In the meantime, the College began working with the FBI and its bank to try to recover the stolen funds. As of this writing, they had succeeded in returning $278,887.

Cox said that he hopes the college will “get most of this recovered.” But reflecting on the commonality of phishing attacks, he admitted that he’s not sure that “they [law enforcement] ever get to the point they nail everybody that’s responsible.” He therefore thinks that organizations like Cape Cod Community College need to focus on preventing a successful phishing attack in the first place.

As he stated in his email:

This attack on our College’s security demonstrates the power and danger of modern cybercrime. Despite ongoing cyber security training and continuous upgrades to the College’s network security, those with the power to execute a sophisticated malware attack found a way to do so. In order to combat these types of crimes, we must continue to invest in modern technology that identifies and eliminates these threats before they can detonate, and perhaps more important, we must all be vigilant in recognizing threats at our work stations.

To truly protect themselves against phishing attacks, organizations require layers of protection when it comes to their email security. They can achieve this level of defense by investing in a security solution that analyzes multiple characteristics of an attack email starting with its IP address and URLs. Such a tool should also leverage real-time threat analysts, automated traffic analysis and machine learning to analyze the email for targeted phrases, campaign patterns and both known and zero-day malware attacks.
