The definition of breaking into a bank has changed dramatically in recent years. Heists are no longer exclusive to armed robbers and plot points in Hollywood blockbusters. Instead, all it takes to steal tens of millions of dollars is a few cunning hackers who know how to exploit the security vulnerabilities within a financial institution.
This week, we discuss business process compromise (BPC) attacks -- a hard-hitting cyberattack that’s growing popular with digital bank robbers.
What is BPC?
As its name suggests, BPC attacks take advantage of poorly managed business processes to commit large-scale monetary theft. Cybercriminals often use malware to infiltrate enterprises and create unauthorized transaction requests. And when business processes are attacked, enterprises will often approve the request and unknowingly transfer goods and money to the cybercriminal.
Massive earnings
Last Feburary, highly skilled cyber criminals used an assortment of malware to compromise the Bangladesh bank’s computer network and gain access to the institution’s credentials for payment transfers.
The perpetrators then struck the Federal Reserve Bank of New York with dozens of wire transfer requests and routed large sums of money to the Philippines for money laundering purposes. Although the hackers intended to run away with $951 million, they only got their hands on $81 million, cementing the Bangladesh bank heist as one of the largest recorded cyber thefts in history.
If we compare the financial gain of ransomware attacks, roughly $30,000 per victim, and business email compromise attacks averaging at about $140,000 per incident, to the massive $81 million payout of BPC attacks, we can easily predict that more high-profile threat actors and transnational cybercriminal groups will resort to BPC attacks to line their pockets.
Beyond bank robberies, we also believe that more hackers will use BPC attacks to reroute online payments straight to their bank accounts or intercept products and goods, which make small- and medium-sized businesses viable targets.
How to prevent cyber heists?
While it might be difficult to detect when a hacker has infiltrated business processes, deploying in-depth security controls will help you prevent a massive BPC disaster.
Role-based access controls that tighten the gateways to mission-critical systems will limit the hacker’s options if he or she does manage to breach your IT infrastructure. Meanwhile, advanced endpoint protection solutions like antivirus software are effective at detecting and nullifying malicious activity within your systems.
However, when it comes to cyberattacks, don’t forget the importance of security training. A company with an office culture centered around strong security practices and awareness will be able to avoid most cyberattacks.
Given their success, BPC attacks might be intimidating to small- and medium-sized businesses, but they are preventable. Contact us at www.intelligis.com to have access to your very own IT services team in Atlanta. We are experts in dealing with BPC, malware, phishing, and other cyberattacks that threaten your business, and we are ready to protect your systems no matter what.
We would like to say that we have discussed everything you need to worry about this year, but we’ve only covered half of the cyberattacks your organization needs to prepare for. Check in next week for more of our cybersecurity forecast!
