The Central Bank warns: infecting the systems with malware is the main trend to organize cyber-attacks on banks
According to the Central Bank, cyber attackers started using sophisticated stealing schemes. To get into a bank infrastructure, they mostly use phishing emails; however, an insider attack is also possible. For example, a disgruntled employee from the IT department can bring an infected USB drive. Next, the attackers infect the systems with malware, analyze the network and the working processes of the targeted enterprise, prepare the attack and carry it out, and withdraw the money through different channels. It is difficult to trace such attacks. The main trouble, however, is that once the malware gets into the bank’s information system, it can remain there after the attack, which might result in more stealing.
Cobalt, the most famous hacker group, is in charge to most of the successful attacks on Russian banks in 2017 to it according to the Central Bank. The group is named after a program they use for the attacks. The key to their success is perseverance and commercial scale attacks. ‘The violators send phishing emails to an average of one hundred banks. If they fail to get any attention, they repeat the mailing’, says Alexey Novikov, head of Positive Technologies expert security center. ‘If there is no repeated mailing, then the attack has been successful. Information about stealing usually appears in a week or two’. They then repeat the procedure with another group of banks.
In whole, 240 attempts to attack lending institutions have been detected. The average stolen amount is RUB 104 million in 2017. One should take into account the fact that many banks do not reveal the information that they have been robbed. Some experts claim that the real damage the banks suffered from cyber attacks in 2017 is approximately 1.5 times greater than what the Central Bank has announced. According to Stanislav Kuznetsov, vice chairman of the executive board in Sberbank, bank analysis shows that the official data could be 10-20 times smaller than the actual damage. He confirms that the problem is in the secrecy of the lending institutions, and that ‘hardly anyone can calculate the damage from the hackers if the banks keep it a secret that they have been robbed’.
To prevent a targeted attack on a bank infrastructure, it is recommended to implement a multilayer security system. In practice, the mere design of a multilayer security system is a very resource-consuming project. Implementing the designed multilayer protection tools can be a problem that is hard to solve and that does not have a guaranteed result. One should start from the ‘learn your technologies’ principle and have certain freedom in selecting the implementation methods, because IT systems of a bank are constantly changing. One should be able to prevent most attack vectors by simple methods and greatly complicate any preparation and execution scenarios. The easiest thing to do is to train the personnel so that a teller or any other employee would not open an email with malware or would not follow the link that initiates the download. However, such phishing emails can look quite plausible. ‘The best way out is to completely eliminate the possibility of running a virus or other malware on an employee’s computer or on any other device in the bank’s network’, says Svetozar Yakhontov, development director at StarForce Technologies. ‘This can be achieved by installing special protection that works on the principle of white lists. It means that only previously approved processes can run. Such system used to have certain drawbacks related to the need to reconfigure them after each banking software update. Today these systems are in high demand, which allowed the developers to modify them so as to meet the operating requirements of banks and other enterprises where the composition of software in use is constantly changing.
The most well-known system that enables software integrity during the operation is TPSecure Teller by Safe’N’Sec Corporation that has been in the market since 2006.
March 27, 2018
All news |
Print this page