Hackers use banks as a starting point for phishing attacks

The cybercrime attacks banks and financial institutions, infiltrating and using part of the compromised infrastructure to have access to specific objectives in every region or country. Recent trends in recent times.

In a report released Feb. 19, international security company Group-IB, which specializes in international cyber attacks, described the so-called "cross-border domino effect." can lead to malicious attacks and phishing attacks beyond the original goal. The report is based on information from incident response projects implemented in 2018 by the company's computer forensic team.

1. What can organizations do to protect themselves from cyber attacks?

Attack in chains to get maximum effect

The incident response activities at various financial institutions have revealed that in some cases, the attacker used his access to send email to other banks and payment systems.

A simple example of a case originating from a Russian bank could be taken, where the attacker used the bank's infrastructure to send fraudulent emails to another bank in Kazakhstan. A chain attack was carefully observed, and there were many organizations in other countries that were also found to be involved in malicious messages to access their systems.

The cyber criminals behind the incident then made another fraudulent campaign with the same scenario, using the infrastructure of a bank in Kazakhstan to infect the bank. Other goods in Georgia.

Although the focus of the report is on companies and organizations in Russia and Eastern Europe, but Group-IB experts have also tracked the attacker's footprint to targets in the independent nations community. (CIS) - an organization of 10 post-Soviet republics in Asia and Europe.

"A group of motivated hackers targeting the financial sector are always looking for ways to maximize the profits earned after each attack, for example in this case by controlling the banking system. only aimed at withdrawing money from an compromised bank but also aiming to infect as many new victims as possible ". Valery Baulin, head of digital forensic research department Group-IB, said.

In addition, the expert explained that the "domino effect" caused by chain attacks is a vector that spreads dangerously, because hackers use databases of bank partner companies. compromised.

1. IBM developed a new technology to patch security holes.

Banks in Russia are often targeted

The key point in Group-IB's report is that banks in Russia are often not ready for cyber attacks, or in other words their security system is too loose and not "taken care of" regularly. Statistics show that more than half of signs of infringement on past banking systems stem from Russia.

In addition, 29% of the companies where Group-IB performed incident response activities last year contain malware that is operating on their network infrastructure, while reports about The internal IT security services of these banks do not have any clues about the malware.

The fraudulent methods of withdrawing money are still carried out by the old method, which is money withdrawn via payment card (ATM), through fake accounts, payment systems or directly from ATMs.

The method is still the same, but the amount of stolen cash has increased significantly, and the attacks have been done more quickly. If three years ago, average hackers took 25-30 hours to get $ 3 million, then in 2018 they took the same amount in less than 15 minutes from many banks in Russia. .

1. US $ 1.7 billion of electronic money was beaten by hackers in 2018

According to security experts, the success of hackers is partly due to the lack of central management capacity, not enough to forecast and offer remedial measures, or further cooperation among banks. . Besides, the lack of warning processes and the fact that IT experts have reacted too slowly to hacking incidents are also factors that contribute to the situation.

Without timely measures to improve the situation in the near future, the damage they receive will not stop at that level.