Cyber bank robberies a warning for business, say experts

Barclays has joined Santander in being targeted by criminals who took control of bank computers using inexpensive kit

Santander is the latest bank to be targeted by criminals who took control of a Barclays computer using inexpensive kit.

The Santander attempt was foiled, but £1.3m was stolen from Barclays using a keyboard video mouse (KVM) switch to gain remote control of a computer at the bank and transfer funds out of accounts.

The KVM is commercially available and designed to enable users to control multiple computers from one keyboard, video monitor and mouse.

In both cases, the device was attached to a bank computer by someone masquerading as an IT maintenance engineer.

The London Metropolitan Police said eight men have been arrested and most of the money recovered after it was transferred from a Barclays branch in Swiss Cottage in north London in April.

The robbery is being linked to a recent attempt to use the same KVM strategy to steal from Santander, and both cases are under investigation by the same police team, according to the BBC.

Four men were arrested and charged with attempting to take control of computers at the Santander branch in Surrey Quays, south-east London, but police have indicated that the latest arrests in connection with the Barclays heist are at a higher level of the criminal network involved.

Multi-layered security required

Both cases underline the need for organisations to continually ensure that appropriate physical security controls are deployed, as well as technical IT controls.

“Using KVMs is highly attractive to criminals, especially if placing a device is seen as an easy alternative to attacking a bank online or via social manipulation,” said Chris McIntosh, chief executive of ViaSat UK.

These two cases prove that attacks will always be aimed at what they perceive is the weakest link, such as firewalls, employees, laptops, or the fact that nobody usually questions an engineer, he said.

“Organisations should take a somewhat fatalistic approach, and accept that some form of penetration is inevitable, said McIntosh.

IT security strategies can then reflect this, he said, by aiming to spot any unexpected movement or transmission of data by using network visualisation and monitoring tools, for example.

“Much like a superbug, cyber attacks are constantly evolving, whether by finding entirely new routes or new uses for old-fashioned methods. Organisation need to focus on curing, rather than preventing, these new threats,” said McIntosh.

Martin Jordan, director of information security at KPMG, said the risk posed by new cyber attack technology goes beyond banks: “This should be a wake-up call to anyone working in back-office, trading and treasury desks, who will be trading millions of pounds. 

"The equipment used in the retail banking attacks is readily available online, costing no more than a few hundred pounds," he added. “Companies therefore need to increase their vigilance. As an initial response, companies should be performing bug sweeps of front and back-office locations, both at a physical and electronic and radio frequency level,” he said.

Read more on Hackers and cybercrime prevention