A cyber criminal gang stole $25.7 million (£17.8 million) from Russian
banks in 13 attacks conducted between August 2015 and February 2016.
Buhtrap as the gang has been called by Group-IB used spear phishing
emails to send infected Word documents to financial institutions. When
opened, these documents downloaded malware that ultimately enabled the
attackers to create fraudulent transfer orders so that the bank would
unknowingly send money to accounts that the criminals controlled.
The threat of phishing
Banks aren’t the only institutions that are susceptible to phishing
attacks. Whatever your line of business, phishing is a threat you need
to take seriously: if one of your employees mistakenly opens a phishing
email, your entire corporate network could be put at risk. This is why
it is so important to ensure that your staff understand the threat that
phishing poses and can recognise phishing emails.
