A global money transfer organization with a presence in over 100 countries and over 300,000 payment points suffered losses in excess of $5 million annually due to an easy-to-carry-out type of cyberattack. Walk through the many challenges our Incident Response and Digital Forensics Units came up against during the identification and remediation process.
AlienSpy, or Adwind, was the malware used in this cyberattack, which affected compromised APIs for ACH and direct money exchanges, including wire transfers. ACH fraud through vulnerable APIs has become mainstream, since transactions are reconciled rather than recorded in real time from bank accounts. Similarly, fraudulent direct deposits leverage the same model.
Learning Objectives: Hacking as a Service AlienSpy or Adwind:
- Why ACH and direct transfers are targets for cybercriminal rings
- How major losses can be incurred by amateur cybercriminals using Hacking as a Service Malware
- Challenges and obstacles experienced during identification and remediation with third parties
- How LIFARS Incident Response and Reconnaissance Units quickly responded
- How our team saved the client over $4.5 million annually by implementing a Kill Switch strategy
While the AlienSpy and Adwind infrastructure was dismantled, the story of a US oil company leaving its whole technological infrastructure in an African country with heavy internet connectivity is an example of how someone else's enterprise network can be used to attack your systems.
Hacking as a Service AlienSpy or Adwind leveraged Java-based execution, and its power truly came from the fact that 5 billion devices run Java as a supporting web or direct programming component.