Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

Use Netsparker


A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.

Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by using 2 factor authentication such as hardware tokens or SMS verification.

Swedish bank Nordea has told ZDNet UK that it has been stung for between seven and eight million Swedish krona “up to £580,000” in what security company McAfee is describing as the “biggest ever” online bank heist.

Over the last 15 months, Nordea customers have been targeted by emails containing a tailormade Trojan, said the bank.

Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing emails containing the Trojan. According to McAfee, Swedish police believe Russian organised criminals are behind the attacks. Currently, 121 people are suspected of being involved.

If it’s a custom trojan I don’t see how anti-viral software would have helped, but then…executives and corporates tend to talk a lot of crap when it comes to technical issues.

Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus on their computers. The bank has borne the brunt of the attacks, and has refunded all the affected customers.

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea security procedures.

“It is more of an information rather than a security problem,” said Ehlin. “Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith.”

As always just be wary, no point preaching here as the people reading this site know not to open random executables sent from anywhere unless they are signed and md5 hashed ;)

Source: Zdnet UK

Posted in: Hacking News, Malware, Privacy, Social Engineering

, , , ,


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


3 Responses to Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

  1. Bogwitch March 14, 2007 at 1:43 pm #

    “As always just be wary, no point preaching here as the people reading this site know not to open random executables sent from anywhere unless they are signed and md5 hashed ”

    So, you would open a random executable as long as it was signed and hashed?

    Sheesh.

  2. Darknet March 14, 2007 at 6:18 pm #

    Bloody pedants!

  3. Patrick Ogenstad March 15, 2007 at 8:05 am #

    “If it’s a custom trojan I don’t see how anti-viral software would have helped, but then…executives and corporates tend to talk a lot of crap when it comes to technical issues.”

    Then again a lot of people will listen to the fact that some of the customers didn’t have antivirus, by talking about antivirus and giving it away for free the bank is shifting the blame to the customers.

    That way less focus will be spent on the banks security issues. It would be more useful so check how many of the customers were running as a local administrator.