A Massachusetts community college suffered a phishing attack that dropped a malware payload designed to steal banking information, netting the thieves $807,130.
Although no details are available regarding the malware used to steal $807,130 from Cape Cod Community College’s banking accounts, the most probable culprits are banking Trojans such as Emotet, which are specifically designed to target and exfiltrate financial information such as bank logins and cryptocurrency wallets.
After detecting the initial attack, which successfully infected multiple computers in the Nickerson Administration Building, the college also identified and blocked several subsequent attacks.
“The malware targeted the college’s financial transactions. It appears as though it overwrote the URL address for the college’s bank, TD Bank, creating a fake site that looked and functioned like the financial institution,” said the college’s President John Cox in a published report.
“That done, the hackers were able to deal directly with the bank, resulting in nine fraudulent transfers totaling $807,130 from the community college’s coffers,” Cox said.
Besides being able to fake the bank’s website, attackers were also able to validate the nine transactions by making multiple phone calls using social engineering techniques that persuaded the bank employees to clear the money transfers.
The bank did manage to block three fraudulent transactions attempted by the hacking group and is currently cooperating with the FBI in an ongoing investigation to recover the stolen money.
Although the college’s IT team found one of the infected attachments and managed to quarantine the malware embedded within, the virus had enough time to spread on the system, replicate itself, and propagate to other computers.
The possibility that the malware found another point of entry into the college network is also on the table, although the incident’s investigators are betting that the malware evaded the anti-malware solution used by the IT team during the initial diagnostics.
“To date, $278,887 of the funds have been returned and the recovery process is ongoing,” Cox said in the report.