Hacking servers, ATM attacks and data theft: the most resonant cyber attacks on banks

PaySpace Magazine has collected the most resonant cyberattacks on banks in recent years, as well as expert advice on how to defend against them.

Thanks to the development of technology, many banks have significantly improved the quality of work and the convenience of customer service. More and more financial institutions are trying to keep up with the times, using blockchain in their work, issuing their own cryptocurrencies, replacing branches with convenient mobile applications and investing in the development of advanced ATMs - with biometrics, withdrawals without a card using a smartphone, etc. However, along with the active introduction of technology, banks also began to face a new type of crime - cyber attacks.

Modern fraudsters can rob a bank from a thousand kilometers away, cracking not locks but servers and passwords. In this article, PaySpace Magazine has collected the most resonant cyberattacks on banks in recent years, as well as expert advice on how to defend against them.

Major cyberattacks of recent years


Data theft of more than 100 million bank cards. One of the most resonant incidents of this year was the breach of the security system of the largest American bank Capital One. As a result of the hacker attack, credit card details of 100 million Americans and 6 million Canadians were stolen, as well as 140 thousand social security numbers and 80 thousand bank accounts issued between 2016 and 2018.

Later, the US Attorney's Office reported that the hacking of Capital One's servers also stole data from 30 organizations.

Attack on the main bank of the EU. Last month, the European Central Bank (ECB) reported that cybercriminals had hacked the external server of the Banking Reporting Directory Integrated Directory (BIRD) website. As a result of the attack, the attackers could have obtained the e-mail addresses, names and positions of 481 subscribers to the BIRD service. The central bank suspended the site immediately after discovering the vulnerability, which was identified during a regular scan, and notified every user whose personal data could have been stolen. According to the ECB, neither its internal systems nor market-sensitive information were affected by the intrusion.

Withdrawing millions of funds to dummy accounts. In 2018, hackers stole hundreds of millions of pesos from Mexican banks. The fraudsters got hold of the money through attacks on the local interbank messaging network SPEI: they sent fake requests to transfer funds from the accounts of several Mexican banks, including the country's leading financial institution Banorte, and then moved the funds to fake accounts opened at third-party banks. In this way the criminals managed to withdraw more than 300 million pesos ($15.4 million) from bank accounts.

Data theft of nearly half of US residents. In September 2020, as a result of a cyberattack, hackers gained access to the confidential data of 143 million Americans. Considering that the population of the United States at that time was about 320 million people, 44% of the country's inhabitants became potential victims of the breach. In the hack of the American credit bureau Equifax, attackers gained access to data such as full names, social security numbers, dates of birth, home addresses, and in some cases the driver's license numbers of the victims. The company faced a huge wave of criticism in connection with the incident, as information about the leak was withheld for more than a month. During this time, three top managers of Equifax managed to sell the company's shares for a total of $1.8 million.

Millions of records stolen with a correctly entered password. In 2018, the American financial holding JPMorgan became the victim of a serious data theft after hackers used an employee's password to steal information on 76 million private accounts and 7 million small business accounts. JPMorgan chief executive Jamie Dimon later said in a letter to shareholders that cybersecurity "could very well be the biggest threat to the US financial system."

Hacking during an interview. In early 2019, it became known that hackers from North Korea gained access to the Chilean ATM network using Skype. The attackers were able to download malware onto the computer of an employee of the Chilean company Redbanc during a fake job interview. Redbanc is a Chilean enterprise serving the ATM infrastructure of all banks in the country. The hackers contacted the employee via Skype after he responded to a developer job posting on LinkedIn and asked him to install a program that allegedly generated an application form. In this way the scammers planted malware that gave them access to the victim's work computer, its hardware and operating system, as well as its proxy server settings.

Redbanc officials said the attack had no impact on the interbank network. Security firm Flashpoint believes the hacker group Lazarus from North Korea is behind the hack.

Other hacker attacks from the world's most closed country


North Korean hackers often target financial institutions.

In 2018, North Korean hackers infiltrated Banco de Chile's information systems using malware and stole more than $10 million through the Swift international network. As a result, the financial institution had to turn off more than 9 thousand working terminals for a while.

Later, in October of the same year, 16 financial institutions around the world were attacked using the same pattern. It later became known that, since 2014, scammers from North Korea had managed to steal more than $100 million using the international interbank system Swift.

The North Koreans are also believed to be behind the global WannaCry ransomware attack in 2020. This was established by experts from Kaspersky Lab, who identified the hacker group BlueNoroff, associated with Lazarus. It is considered one of the most dangerous threats to financial institutions. In addition, the South Korean Institute of Financial Security reported a second group connected to Lazarus. It is called Andariel and has been attacking the country since 2013. According to experts, such hacks were not isolated hacker attacks but a planned military operation.

Government as a sponsor of cybercrime

As Reuters noted, citing a report by the Carnegie Endowment for International Peace, governments are increasingly becoming sponsors of cyberattacks on financial institutions. At the same time, the main goal is not so much theft as inflicting losses on the targeted companies.

Of the 94 cyberattack cases reported as financial crimes since 2007, 23 are believed to have been funded by the government, specifically from Iran, Russia, China and North Korea.

Other cases of fraud


Password guessing attack. In November 2021, the international financial giant HSBC fell victim to a cyberattack using stolen credentials. As a result of the incident, the attackers managed to steal users' names, addresses and dates of birth, as well as account numbers and balances, transaction history and recipient account numbers. The attack reportedly relied on automated brute-force attempts against accounts using credentials from past leaks. As compensation, HSBC offered affected customers a free credit monitoring and identity theft protection service for one year.

POS terminal attack. In September 2021, specialists from the IBM X-Force IRIS division recorded a malicious campaign aimed at POS terminals in Europe and the United States. The organizer of the attacks was the FIN6 hacker group, which specializes in the theft of payment card data for subsequent sale on underground forums. Earlier, in 2016, these hackers attacked POS terminals of retailers and healthcare companies and managed to steal the data of more than 10 million payment cards, which were then put up for sale on one of the underground markets.

Theft of bank card data from department store customers. In 2019, it was reported that data had been stolen from the owners of more than 5 million debit and credit cards used to purchase goods in the American department stores Saks Fifth Avenue, Saks Off 5th and Lord & Taylor. According to the Hudson's Bay Company, the retailer that owns the chains, its non-cash payment system had been hacked by criminals.

Bank data theft through taxi call apps. In the summer of 2020, Kaspersky Lab announced that it had discovered a new version of the Faketoken Android Trojan, which steals the banking data of users of taxi-hailing mobile applications. Because such applications store users' financial data, criminals easily gained access to bank cards. The malware monitored the activity of the applications and overlaid phishing windows on them that mimicked the original windows of the application, in order to steal bank card data.

ATM attack. In the first half of 2020, Europe saw an increase in one type of ATM hacking - blackbox attacks, in which fraudsters connect devices to ATMs and force them to "spit out" money. Within six months, 114 such ATM hacks were recorded in 11 countries of the continent, 300% more than in the same period of the previous year. Experts estimated the losses associated with these break-ins at 1.5 million euros. In an ATM black box attack, the scammers opened the so-called service area of the ATM, plugged in a device (for example, a laptop) via a USB port and, using malicious software, withdrew huge amounts of money. In some cases, the "black box" was used for skimming - reading card data and intercepting the PIN code - and the hackers then used the obtained data to access their victims' accounts.

It should be noted that in the summer of 2018, the creation of malicious software (malware) for ATMs was named the most expensive hacker service on the shadow Internet.

Overall, according to a Positive Technologies report released late last year, most ATMs from some of the world's largest manufacturers are vulnerable to hacker attacks and can be compromised in minutes. During testing of machines from NCR, Diebold Nixdorf and GRGBanking, it was found that 69% of them were vulnerable to the blackbox attacks mentioned above. According to the experts, in order to reduce the risk of an attack and speed up the response to a threat, it is first of all necessary to improve the physical protection of ATMs and to introduce logging of security incidents. As a preventive measure, it is also worth conducting regular security assessments of ATMs.

In order to withdraw the stolen funds, some scammers have started using universal cards. In January 2021, the US Secret Service reported that fraudsters had begun using the Fuse Card multi-card to store several stolen credit cards on one card. A Fuse Card can hold information on up to 30 payment cards; the user can view the registered cards and then select the one needed to make a payment at a POS terminal. This lets criminals cash out stolen cards using a single physical card, which deflects suspicion from them.

Scammers have also begun using bitcoin ATMs to launder money. In one such case, criminals were able to steal more than 9 million euros via Spanish ATMs.

Aftermath of attacks

In 2019, 12% of Britons closed their credit or debit cards due to cyber fraud, according to a study by comparethemarket.com. In just a couple of months, the number of consumers who closed their payment cards increased from 4.5 million to 5.5 million.

Cyber fraud is a huge problem for banks: according to the data, almost one in four customers who lost money to hacking have changed banks or are going to.

According to The New York Times, large financial companies are forced to resist hundreds of thousands of cyberattacks every day. For example, Mastercard fights 460 thousand intrusion attempts every day, which is 70% more than a year ago.

Most often, one vulnerability is enough for hackers to successfully hack the system. According to reports filed with the Financial Crimes Department of the Ministry of Finance, in just a couple of months of 2019, there were 3,494 cyberattacks against financial institutions. In particular, companies such as Equifax and Morgan Stanley have been subjected to repeated attacks using various hacking techniques over the past few years.

In some cases, hackers used weak passwords or sent fake emails with malware that helped them infiltrate the network. In other cases, they scanned for software that had not been updated with the latest security fixes. Some break-ins took hours, others months.

According to Tom Kellermann, chief cybersecurity specialist at Carbon Black, the best hackers in the world are involved in hacking banking systems, and at the moment it looks like an arms race.

Since 2005, more than 11 billion records have been exposed in data leaks, according to the Privacy Rights Clearinghouse. Among them were customer data from the credit bureau Equifax and the financial company First American Corporation, Yahoo email accounts, and even federal employment records.

For decades, the cost of security was perceived as an unnecessary expense in most industries. Banks, however, have always been the exception, spending large budgets and operating elaborate security measures. For example, Mastercard has a windowless bunker at its data center in Missouri where a team of security experts works. Citigroup operates three cyberattack response centers, in Budapest, New York and Singapore, which provide 24/7 coverage. JPMorgan Chase spends nearly $600 million a year on security, and the chief executive of Bank of America said the financial institution's security team has a special "blank check" for all expenses.

According to a study by IBM Security and the Ponemon Institute, the average cost of a security breach in the United States has risen to $8.2 million in recent years. However, even this amount is nothing compared to the losses incurred by institutions as a result of attacks, especially when it comes to class actions and fines from regulatory authorities. Thus, the Equifax credit bureau is expected to spend about $650 million or more to settle most of the claims related to the 2017 breach of the company, which affected the data of 147 million people.

Capital One said it plans to spend at least $100 million this year to repair the damage from the attack, although some of these costs should be covered by the bank's insurance against cyberattacks. In addition, Capital One will face the costs of a class action lawsuit against the financial institution. As the NYT highlighted, the attack hit Capital One, one of the largest cloud-based financial institutions, which had previously served regulators as a "proof of concept" that moving data to the cloud keeps it secure.

The most resonant cases


Massive cyberattack on banking and other institutions. In 2020, Ukraine was shaken by a large-scale hacker attack on banks, large companies and other targets. Affected were the banks TASS, Oschadbank, Pivdenny and OTP; the large enterprises Ukrposhta, Nova Poshta, Ukrzaliznytsia, Boryspil airport, Kiev Metro, Epicenter, DTEK, Ukrenergo and Kyivenergo; the mobile operators Lifecell, Kievstar and Ukraine; the TNK gas station network; PSG "Kovalskaya"; TRK "Lux" (24 channel, radio "Lux", etc.); the ATR channel; the site "Correspondent"; SE "Antonov"; SE "Document"; Kievvodokanal; the site of the Lviv City Council; and the website of the Cabinet. However, after just a couple of days, the banks began to resume their work.

Theft of more than UAH 5 million through access to online banking. In early 2019, the cyber police announced the exposure of a group of hackers who had stolen more than UAH 5 million from Ukrainians. According to law enforcement officials, the cybercriminals built a botnet that scanned computers and guessed their passwords in order to gain full control over them. Having gained access, including to online banking, the hackers transferred all funds from the accounts of the owner of the infected computer to accounts under their control.

Cryptocurrency scammers who stole data from over 3.5 million users. In 2018, SBU officers detained hackers in Zaporozhye who were robbing ATMs, cryptocurrency exchanges and online sweepstakes. According to the intelligence agency, the attackers developed malware that allowed them to obtain users' personal data and their passwords for cryptocurrency exchanges, gaming forums, online sweepstakes and other sites. During the search, law enforcement officers seized computers with malware and electronic drives with data from over 3.5 million Internet users.

Fake websites of famous banks. In the spring of 2021, two fake websites were discovered at once, with the help of which criminals tried to lure payment details and account passwords from customers. Pages branded as Raiffeisen Bank Aval and Monobank contained a form for entering card data (number, expiration date, CVV), while the fake Oschadbank website asked for the password to an online banking account. The fake sites could be distinguished from the real ones by the absence of the secure https prefix in the URL, as well as by errors in the names, such as "oschadbk".
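The two tells described above (no https, and a hostname that is a near-miss of a real bank's name) can be turned into a simple screening check. This is an added example, not code from the article or from any of the banks mentioned; the bank hostnames in the allow-list are constructed ".example" placeholders, not the banks' real domains.

```python
from urllib.parse import urlparse

# Constructed allow-list of genuine bank hostnames. These are placeholders
# (".example"), not the banks' real domains.
KNOWN_BANK_HOSTS = ["oschadbank.example", "monobank.example", "aval.example"]


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude 'registrable domain': the last two labels. Good enough for the
    constructed hosts here; a real deployment should use the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def assess_url(url, known=KNOWN_BANK_HOSTS, max_distance=3):
    """Return a verdict plus the reasons, applying the two tells from the text:
    a missing https scheme and a hostname that is a near-miss of a real bank."""
    parsed = urlparse(url)
    full_host = (parsed.hostname or "").lower()
    host = registrable(full_host)
    findings = []
    if host in known:
        if parsed.scheme != "https":
            findings.append("genuine host served without https")
        return {"host": host, "verdict": "suspicious" if findings else "legitimate",
                "findings": findings}
    if parsed.scheme != "https":
        findings.append("no https")
    closest = min(known, key=lambda k: levenshtein(host, k))
    distance = levenshtein(host, closest)
    if 0 < distance <= max_distance:  # e.g. "oschadbk" vs "oschadbank"
        findings.append(f"lookalike of {closest} (edit distance {distance})")
    for k in known:
        brand = k.split(".")[0]
        if brand in full_host:  # e.g. monobank-secure.example, monobank.login.example
            findings.append(f"brand '{brand}' used in an unrelated domain")
            break
    return {"host": host, "verdict": "suspicious" if findings else "unknown",
            "findings": findings}


if __name__ == "__main__":
    for u in ("http://oschadbk.example/login", "https://monobank.example/",
              "http://monobank-secure.example/card", "https://news.example/"):
        print(u, assess_url(u))
```

A missing https is only a tell, not proof of legitimacy when present: a phishing page can obtain a valid certificate, so the name checks matter more than the scheme check.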

UAH 10 million from 1.5 thousand cards. In the fall of 2020, SBU officers and the prosecutor's office exposed a hacker group in Kiev whose members had stolen money from bank clients, in particular clients of state banks. The cybercriminals used special technical means for covertly obtaining information, with the help of which they "read" the cards of bank clients and stole their access details. They also used malware to infect the information networks of banks in order to disrupt the normal operation of the systems and gain unauthorized access to data. The attackers are reported to have stolen more than UAH 10 million from more than 1.5 thousand bank cards.

Theft of $1 million. In April 2016, as a result of a hacker attack on Credit Dnepr Bank, $950.8 thousand were withdrawn to the account of a company registered in China and then cashed out through local ATMs.

Theft of funds through the application. From January 19 to January 25, 2019, hackers stole money through the FUIB online mobile application. It is reported that the attackers used the stolen money to replenish Kyivstar phone numbers, which resulted in an unauthorized overdraft on the card account in the amount of UAH 172.1 thousand.

How to counteract


Reuven Harrison, co-founder of Tufin, an Israeli information security policy company, gave some tips on how financial institutions can protect themselves from cyberattacks.

1. Segmentation of the network. This approach limits the hacker's access to areas of the compromised network. For example, if a criminal gains access to an employee's computer, he will not have access to the bank's core systems. However, it should be borne in mind that network segmentation requires constant updating and reconfiguration.

2. Implementation of an institution-wide security policy. A well-written security policy is the operational roadmap for any IT banking group to maintain an adaptive security architecture. This is what helps professionals quickly and with minimal risk determine the best way to protect the network. In addition, the security policy should take into account all regulatory and corporate compliance requirements, as well as how timely bug fixes are applied.

3. Compliance with the security policy. It's one thing to have a security policy and another to put it into practice. Organizations must continually monitor their network for configuration changes and ensure that these changes are approved and in line with the policy. This is a matter of enterprise collaboration between network operations, security operations and the CIO (Chief Information Officer).
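Tips 1 and 3 together amount to one check that can be automated: diff the live firewall ruleset against the written segmentation policy, confirm every difference went through change control, and confirm no change lets a compromised workstation pivot to the core banking segment. This is an added example, not Tufin's product or code; the segment names and rules are constructed.

```python
from collections import deque

# Constructed sample policy: each rule is a (source, destination) pair of network
# segments that the written security policy permits. Names are placeholders.
BASELINE_POLICY = {
    ("workstations", "web-proxy"),
    ("workstations", "mail"),
    ("web-proxy", "internet"),
    ("branch-apps", "core-banking"),
    ("atm-network", "core-banking"),
}

# A later ruleset pulled from the firewalls: someone has added one rule.
CURRENT_RULES = BASELINE_POLICY | {("workstations", "branch-apps")}


def reachable(rules, start):
    """Segments an intruder could pivot to from one compromised host in `start`,
    following permitted flows transitively (the blast radius of that segment)."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for s, d in rules:
            if s == src and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen - {start}


def audit(baseline, current, approved=frozenset(), entry="workstations",
          crown_jewels=("core-banking",)):
    """Diff the live ruleset against the written policy. A change is acceptable only
    if it went through change control (`approved`) AND does not let a compromised
    `entry` host reach a crown-jewel segment it could not reach under the baseline."""
    changed = (current - baseline) | (baseline - current)
    unapproved = sorted(changed - set(approved))
    before, after = reachable(baseline, entry), reachable(current, entry)
    newly_exposed = [cj for cj in crown_jewels if cj in after and cj not in before]
    return {
        "added": sorted(current - baseline),
        "removed": sorted(baseline - current),
        "unapproved": unapproved,
        "newly_exposed": newly_exposed,
        "compliant": not unapproved and not newly_exposed,
    }


if __name__ == "__main__":
    print(audit(BASELINE_POLICY, CURRENT_RULES))
```

The reachability check treats every permitted flow as a potential pivot, which is deliberately pessimistic: it flags the new workstations-to-branch-apps rule because branch-apps already talks to core-banking.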

4 important principles of countering cybercrime.

Gil Hecht, founder and CEO of Continuity Software, an IT security company, has outlined several important principles for countering cybercrime:

1. Determine the critical data you need to run your business.

2. Clearly define the resilience requirements for each data type: for example, what happens if some transactions are lost, and how long recovery may take.

3. Configure the system to provide the required level of protection. For example, frequently copying data to write-once storage devices ensures that the data cannot be deleted or corrupted. Such write-once devices need to be protected by credentials that are not available to anyone in normal business (a hardware security key kept in a physical safe is a good choice). For backup and restore, it is better to use a transaction log that is written synchronously to the same write-once storage devices.

4. Continually review that the system recovery requirements are properly implemented and are being followed by all parties involved. After each change, check the updates, modifications, fixes, etc. that occur in your enterprise information infrastructure (cloud, physical, hybrid, legacy, virtual and SaaS).
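Principle 3 (a transaction log written synchronously to write-once storage) and principle 4 (verifying that recovery actually works) can be shown together. This is an added example, not Continuity Software's code: a hash-chained, fsync'd transaction log plus a restore routine that refuses to replay a log whose chain has been altered. The write-once guarantee itself comes from the storage (WORM media or an object store's lock); the chain is what lets the restore side notice if that guarantee was bypassed. Transactions and file paths are constructed.

```python
import hashlib
import json
import os
import tempfile

GENESIS = "0" * 64  # chain anchor for the first record


def _record_hash(prev_hash, tx):
    body = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()


def read_log(path):
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8") as f:
        return [json.loads(line) for line in f if line.strip()]


def append_tx(path, tx):
    """Write one transaction synchronously: flush + fsync before returning, so an
    acknowledged transaction survives a crash. Each record carries the hash of the
    previous one, so a later edit, deletion or reordering breaks the chain.
    (Re-reading the file to find the chain head is fine for a sample, not at scale.)"""
    prev = GENESIS
    for rec in read_log(path):
        prev = rec["hash"]
    rec = {"prev": prev, "tx": tx, "hash": _record_hash(prev, tx)}
    with open(path, "a", encoding="utf-8") as f:
        f.write(json.dumps(rec, sort_keys=True) + "\n")
        f.flush()
        os.fsync(f.fileno())
    return rec["hash"]


def verify_chain(path):
    """Return (ok, n): ok is False and n is the index of the first record whose
    content or linkage no longer matches; otherwise n is the record count."""
    records = read_log(path)
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != _record_hash(prev, rec["tx"]):
            return False, i
        prev = rec["hash"]
    return True, len(records)


def restore_balances(path):
    """Rebuild account balances by replaying the log; refuse a broken chain."""
    ok, where = verify_chain(path)
    if not ok:
        raise ValueError(f"transaction log integrity failure at record {where}")
    balances = {}
    for rec in read_log(path):
        tx = rec["tx"]
        balances[tx["from"]] = balances.get(tx["from"], 0) - tx["amount"]
        balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
    return balances


def tamper_demo():
    """Constructed run: two transfers, a clean verify and restore, then an in-place
    rewrite of the first record, which the chain check must catch."""
    path = os.path.join(tempfile.mkdtemp(), "tx.log")
    append_tx(path, {"from": "A", "to": "B", "amount": 100})
    append_tx(path, {"from": "B", "to": "C", "amount": 40})
    clean, balances = verify_chain(path), restore_balances(path)
    records = read_log(path)
    records[0]["tx"]["amount"] = 1  # history rewritten; hash no longer matches
    with open(path, "w", encoding="utf-8") as f:
        f.writelines(json.dumps(r, sort_keys=True) + "\n" for r in records)
    return {"clean": clean, "balances": balances, "tampered": verify_chain(path)}
```

Truncating the log by dropping only its last records is not caught by the chain alone; storing the latest record hash somewhere the log writer cannot reach closes that gap.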

According to the expert, these principles have reduced companies' downtime by more than 83% and guaranteed timely recovery in the rare cases when a system or data was compromised.

Specialists from the anti-virus laboratory Zillya! Antivirus have also compiled a list of the main threats and tips on how not to fall prey to hackers while staying abroad. You can learn more about this in our dedicated infographic.