Firm News

Steve Thomas Commentary Highlights Push-Pull Over Liability for Malware Attacks

malwareWhile it took less than two months for a potent piece of malicious computer code known as GozNym to spread through the U.S. and Canadian banking systems, the mounting financial losses expose a growing conflict between banks and account holders over who should pay when malware attacks drain an account.

In his latest piece for Texas Lawyer, McGuire, Craddock & Strother’s Steve Thomas highlights how the rapid spread of GozNym is raising legal issues for businesses and banks in its wake.

Schemes employed by GozNym and malware like it trick users by redirecting them to a website that looks and acts exactly like their bank’s site. After a victim unwittingly supplies login credentials and other personal information, funds in the account are fair game to be transferred to overseas accounts.

“In GozNym,” Thomas writes, “they have spawned an efficient predator that feeds on financial institutions by attacking them through their weakest and most lucrative vulnerability – commercial banking customers.”

As losses mount in the U.S. and around the world, Thomas notes that it’s far from clear who ultimately pays. Case in point is a June 2012 malware case of Garland, Texas-based real estate escrow firm Luna & Luna, which lost about $1.67 million in a similar malware scam.

Writes Thomas:

“The bank replenished the funds to avoid trouble with Uncle Sam, but then sued Luna to recover the money, alleging that Luna had declined the use of “dual controls” on its many wire transfers. Luna counterclaimed, arguing that the bank’s security was deficient. After three years of litigation, the case settled in late April 2016, but it illustrates the painful fallout of a successful cyberheist against a commercial account.

Exactly the kind of account GozNym targets. Cybersecurity experts say this is just the beginning. GozNym will expand and improve. Financial institutions and their commercial customers face a new world of organized crime where literal fortunes can be lost with a single click, and the ounce of prevention far outweighs any pound of legal cures.”

Read the Texas Lawyer commentary here (subscription required).