Cybercriminals have stolen almost 100 staff logins at the Big Four banks, experts say

Article Excerpt:

Dozens of bank employee logins have been "compromised" after cybercriminals stole their corporate credentials and shared them online, cyber security experts say.

The logins were stolen from workers' devices using "infostealers", a type of malware designed to harvest valuable data from computers or phones and send it to criminals.

The Big Four banks say they have protections in place to prevent unauthorised access to their systems, including the use of stolen staff credentials.

Evan Vougdis, one of our Cyber Directors and Cyber Threat Intelligence Practice Lead provided comment in this article:

Gaining access to a bank's corporate environment and staging a major attack is not as simple as just using stolen staff credentials to log in.

"Most large enterprise organisations will have supplementary controls, in addition to a username and password," said Evan Vougdis from NSB Cyber, listing Multi-Factor Authentication (MFA) as one example.

For that reason, securing "initial access" is a specialised task in the cyber crime world, performed by "initial access brokers".

Source: ABC News - Thursday 1 May 2025
Author: By national health reporter Ange Lavoipierre
Reference: Cybercriminals have stolen almost 100 staff logins at the Big Four banks, experts say