When it comes to taking down businesses, advanced persistent threats are the way to go. At least thatâ€™s how things ended for Primary Systems Inc., a small business that got ripped off of $180,000 in a malware attack.
According to a story by tech journalist Brian Krebs, the companyâ€™s network was first compromised in May 2012 when an unsuspicious and overly curious company employee opened up a malicious attachment in a spam message, thus installing a backdoor on the computer.
Shortly after the incident, company accountants realized that $180,000 of company money had been moved from their account to 26 accounts opened on behalf of money mules across the United States. Money mules are unsuspicious people usually employed via job classifieds and are told their job is to process payments between companies. Instead, they move funds between victims and cyber-criminals in an attempt to erase the trail. Eventually, the money was transferred to the Ukraine.
â€œThe payroll manager contacted me at 8:00 a.m. that day to ask if Iâ€™d authorized the payroll batch, and I said no, it must have been a bank error,â€ Jim Faber, Primary Systemsâ€™ chief financial officer told Krebs. â€œI called the bank and said they said no, they did not make an error. That was a helluva wake-up call.â€
The attack was planned to the very last detail: the backdoor sent via mail, probably as a PDF attachment with built-in exploit code, the money mules added to the companyâ€™s payroll on the very same day, as well as the fact that the moved money was just below the bankâ€™s alarm threshold, show serious expertise in cybercrime.
Small companies who donâ€™t always have dedicated IT security staff to monitor what happens on the network should â€“ more than ever -Â instruct their employees about the risks of simply popping open a spammy e-mail.