Lord777
The Bank of Russia reported 2.7 million transactions without the client's consent, of which 252.1 thousand were successful for intruders.
According to the report of the Bank of Russia, in the first quarter of 2023, credit institutions prevented embezzlement of funds in the amount of 712 billion rubles, reflecting 2.7 million transactions without the client's consent. 252.1 thousand attacks were successful, as a result of which 4.5 billion rubles were stolen. Most of the victims were individuals who lost money in 251.5 thousand cases. Corporate clients of banks were subjected to 655 attacks, while credit institutions themselves were not affected by hackers.
As the Bank told Kommersant, in 2022 the number of DDoS attacks on the infrastructure of credit institutions increased significantly, but banks were able to cope with them thanks to effective interaction with the regulator and other agencies. However, such attacks still pose a threat to the stability of the banking system, especially if they are carried out by hacktivists, that is, politically motivated hackers.
According to Servicepipe, a company specializing in protection against DDoS attacks, the number of such attacks in the first quarter of 2023 decreased by 15-20% compared to last year. However, already in 2023, cases of unavailability of services of the largest players due to DDoS attacks were recorded.
Another type of cyber incident relevant to credit institutions is SMS bombing. This is an attack in which attackers request the sending of a large number of SMS messages on behalf of bank customers, for example, to log in to an online bank. As a result of such activity, banks' spending on SMS payments may increase three to five times. The purpose of such attacks is to cause financial damage to banks or discredit their reputation.
However, the most common method of attacking bank customers is social engineering, i.e. manipulating human emotions and trust. According to the Bank of Russia, such attacks account for more than half of the incidents. The number of cases in which hackers used malicious software (which they traditionally use in attacks on banks) has decreased by 16% since last year. In absolute terms, this is 75 cases per quarter, or 0.03% of the total volume of attacks.
Experts emphasize that credit institutions should not relax and should constantly improve their level of cybersecurity. Hackers have not lost interest in attacking banks, as this is one of the most profitable types of cybercrime. To conduct successful attacks on the systems of financial organizations and obtain financial benefits, attackers need to have very high qualifications and a deep understanding of the internal business processes of such companies.
The growing security of credit institutions forces hackers to change tactics. The Bank of Russia believes that cybercriminals have already switched from sophisticated attacks using different tactics and techniques to attacks related to exploiting vulnerabilities in the software used by organizations.
According to experts, 2023 will also see a trend toward attacks through bank counterparties as a way to get into the bank itself. The Central Bank also records attacks on a third party. Experts also believe that one of the main threats to credit institutions is attacks through financial applications integrated into ecosystems. In addition, attackers can create fake versions of online banking in app stores and fake pages in social networks.
Internal malicious attacks are also relevant for credit institutions: in 2023, many requests from companies were related to incidents in their internal infrastructure, including personal data leaks.
It is noted that in 2023, hacking of bank customers' mobile devices using remote access is likely, as well as attackers gaining the ability to set up SMS and call forwarding. Access to device management is achieved through social engineering, phishing, and malicious applications. SBP attacks where attackers forge QR codes or links to pay for purchases will also remain relevant.
