For the first time in three years, hackers stole the bank's money from its correspondent account with the Central Bank

 


By RBK
  • “The attack began in June 2020 through the compromise of a company affiliated with the bank. Presumably, they started with a physical device installed on an affiliate network,” the Group-IB report says.
  • The hackers were then able to gain access to the bank's network, which took them about a month. For another six months, they explored the network using software for storing client verification credentials, remote access, and more.
  • The final stage of the attack began in January 2021. As a result, the hackers gained access to the system of interbank transfers, which are carried out through the AWS KBR (the automated workstation of a Bank of Russia client, unrelated to Amazon Web Services), and were also able to steal the digital keys used to sign payments passing through the Central Bank. As RBC's source at one of the banks explains, once you gain access to the AWS KBR, you can form a payment order in it and send money from the correspondent account to your own accounts. "[The hackers] manually copied the forged signed payments into a special folder in the KBR AWS system," the Group-IB report says.

Group-IB CEO Dmitry Volkov told RBC that the risk of a repeat of such attacks exists, but it is not as high as in 2017-2018, when targeted attacks on banks were carried out on a monthly basis. According to him, this was facilitated by the extensive work in the field of cybersecurity of the banks themselves, the regulator and law enforcement agencies, as a result of which it became unprofitable and risky for cybercriminals to carry out such attacks.

Russian banks have a large margin of safety, agrees the chief expert of Kaspersky Lab Sergei Golovanov: "Now every large financial institution is provided with a comprehensive security system that takes into account all the risks of previous years." He clarified that the stolen amount depends on the size of the bank: in previous years, the amount of attempted theft in one bank could be estimated at trillions of rubles.

The real threat to the banking sector in the future is attacks by ransomware operators, Volkov said. They encrypt all information on the server and demand a ransom to unlock it. "Such incidents cause direct financial damage, paralyze the operation of the bank's infrastructure and its ability to conduct operational activities," says Volkov. According to the Group-IB survey, 127 ransomware attacks on financial companies around the world were detected in the second half of 2020 and the first half of 2021, whereas in the same period a year earlier there were fewer than 50.

To protect against hacker attacks, banks should evaluate the main vectors of potential attack development, Volkov said: “For example, e-mail, it still requires high-quality protection, which must be regularly tested. It is also important to control the outer perimeter of the network and all means of remote access.”
