Banking, Malware Mischief, and Managed Detection

August 9, 2018 Todd Thiemann

Intrepid security journalist Brian Krebs recently brought to light compromises suffered by the National Bank of Blacksburg in Virginia. The bank suffered two successful phishing attacks in eight months and more than $2.4M was stolen as a result of the attacks. This episode is not unusual for the financial services industry, but what makes it particularly interesting are details that have come to light via a lawsuit over cybersecurity insurance payouts (or lack thereof).

In addition to the $2.4M in theft, the bank has incurred expenses of nearly $500K for investigation, remediation and legal consultation, according to the bank's 10-K filed with the SEC. It has so far avoided any consumer or shareholder lawsuits.

The attacks appear to have originated in Russia according to Verizon, which was hired to investigate the second attack in 2017.  The Verizon forensic experts concluded that the tools and servers used by Russian hackers in the second attack were used by the same group of attackers that struck eight months before.  While there are frequent brute-force attacks against financial institutions, this particular phishing attack was performed against a bank employee using a malware-laden Microsoft Word document.

The bank is currently involved in court action because its cyber insurance policy is not paying out as expected. The bank thinks the entire amount should be covered, but its insurance carrier (Everest National Insurance Company) is only covering $50K and not the entire $2.4M.

A key takeaway from this episode is to always consult with an insurance specialist to structure an optimal cyber insurance policy. Looking at the bigger picture, however, it also illustrates the challenges mid-sized financial institutions face in detecting and responding to cyberthreats without the needed resources and cybersecurity expertise in-house.

Regional banks and credit unions typically cannot afford a 24×7 security operations center (SOC) staffed by eight to 12 security analysts. Instead, they seek managed services help for continuous monitoring, threat detection and response to counter these sorts of attacks. That is one reason why industry analyst firm Gartner expects managed detection and response (sometimes called “SOC-as-a-service”) adoption will triple between now and 2020.

To learn more, download Gartner’s recent market guide on MDR.

 

About the Author

Todd Thiemann

Todd Thiemann is a Product Marketing leader at Arctic Wolf Networks. He writes and engages in thought leadership on behalf of Arctic Wolf because, as he describes, Arctic Wolf is an innovative security startup that is radically changing how enterprises perform managed detection and response.
