recommended reading

Agencies could be prone to new kind of sophisticated cyberattack

Federal computer networks are vulnerable to the same type of sophisticated cyberattack that recently cost a global bank more than $1 million in a month, according to a security company official.

Hackers used a "man-in-the-browser" attack to steal a total of $1,077,000 from about 3,000 customers of a large financial institution between July and August, a report released by M86 Security on Tuesday indicated. In such attacks, the perpetrator installs on the victim's computer Trojan horse software capable of modifying Web transactions in real time. The report did not name the bank because an investigation is currently under way, but said the victims were located primarily in the United Kingdom.

While big payouts often are the motivation for man-in-the-browser attacks, hackers could use a similar strategy to steal classified or other sensitive information from federal agencies, said Bradley Anstis, vice president of technology strategy for M86 Security.

"Any websites that [enable] large financial transactions or [the exchange] of sensitive information, of which government has quite of a few, are at risk of this type of cyberattack," Anstis said. He noted advanced security controls, including multifactor authentication, won't protect systems from man-in-the-browser attacks, because the software running on infected machines "looks over the shoulders" of users who have the appropriate credentials.

Unlike phishing attacks, which infect computers when users click on a malicious link in an e-mail, man-in-the-browser attacks load malware onto computers when users visit legitimate websites that also have been compromised, typically via third-party advertisements. The Trojan horse remains dormant on the infected computer until users visit a particular site -- in this case their financial institution -- and enter credentials to access their account.

As a user logs in, the perpetrator uses the malware to gain account access, intersect transactions and manipulate requests. If a user requests a money transfer to pay rent, for example, the hacker will reroute funds to an external account; when the bank asks for authorization for the transfer, the malware routes the request back to the user, who enters the required information, "assuming that the bank is doing a great job at protecting his or her information," Anstis said. The malware even allows the perpetrator to adjust the user's balance online and in downloaded PDF documents as needed, to evade detection.

The attackers seem to target accounts with larger balances, ensuring sizable transfers don't result in overdraft notifications that alert victims. Stolen funds are transferred to what are known as money mule accounts, which are legitimate banking accounts whose owners often are unaware they're participating in criminal activities. Money mule accounts are used only a few times within a certain time frame.

"These types of attacks really take cyberthreats to a whole other level," Anstis said. "There's little the organization or [computer] user can do."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.