Nigeria’s Economic and Financial Crimes Commission (EFCC) recently issued a warrant for the arrest of Godswill Oyegwa Uyoyou, 38, a member of the IT staff at a Nigerian bank (which Finextra identifies as Skye Bank), for allegedly hacking into the bank’s database and stealing more than 6 billion Naira (approximately $37 million).
Sophos reports that Uyoyou allegedly brought a group of other conspirators into the bank disguised as maintenance workers and helped them access the bank’s computer systems, after which they transferred the stolen funds to fraudulent accounts under the group’s control.
No arrests have yet been made, and the bank hasn’t yet said whether it was able to recover any of the stolen funds.
“Insider risk is a major problem for banks, who can invest all they like in the toughest security at their network boundaries to keep external hackers out, but still have to rely on trusted employees to behave themselves, resist temptation and keep their hands off the huge amounts of funds they may find themselves dealing with every day,” notes Sophos’ John Hawes.
And a recent SpectorSoft survey found that 61 percent of IT professionals surveyed say they’re unable to deter insider threats. “The nature of insider threats — authorized persons misusing their authorization — makes it harder to detect such attacks and protect against them,” the SpectorSoft report [PDF] noted.
For banks in particular, that’s an ongoing problem.
In February 2014, an anonymous whistleblower reported that as many as 27,000 confidential customer files had been stolen from Barclays Bank and sold to rogue traders — the whistleblower said he learned of the files when his boss asked him to sell them to other traders.
And in April 2014, nine members of a gang that stole more than £1.25 million from British banks were sentenced to a total of 24 years and nine months in prison. The gang had used KVM (keyboard, video, mouse) switches to attempt to access and control bank accounts at both Barclays Bank and Santander Bank.
In February 2014, Taylor admitted that she had used her position at UMB to generate 377 fraudulent checks totaling $650,659 — as part of her job, Taylor was responsible for generating refund checks after customer accounts were closed.
A recent eSecurity Planet article offered several tips on defending against insider threats, from encryption to data loss prevention solutions.