Cyber thieves make off with $28,000 in payroll heist

Cyber thieves recently managed to steal a whopping $28,000 from a small New England town after infecting the comptroller’s PC with at least two banking Trojans.

According to security analyst Brian Krebs, the incident in Eliot, Maine, highlights the painful “mismatch” between the sophistication of cyber attackers and the weak security measures protecting many online commercial banking accounts.

Interestingly enough, Krebs was tipped off about the digital heist by an Eastern European “money mule” before it actually occurred.

He quickly alerted Eliot comptroller Norma Jean Spinney, who contacted the local TD Bank.

Although the bank failed to locate any unusual transactions, Spinney was subsequently notified (three days later) about a suspicious batch of payroll direct deposits totaling more than $28,000.

Unfortunately, the town is unlikely to ever recover the stolen funds, as unlike consumers, organizations are not protected against online banking losses from cyber fraud.

“So if you’re responsible for a commercial bank account and you’re accessing the account online, the safest way to do so is to use a non-Windows computer such as a Mac, or a Live CD version of Linux,” Krebs explained.

“The bad guys may begin to write banking Trojans to help them rob organizations using other computing platforms, but all of the attacks I’ve written about to date involved malware that will not run on anything but a Windows PC.”

Krebs also recommended that employees managing commercial bank accounts on Windows machines   login via a dedicated PC – which is not used for casual surfing or any other type of file transfers.