As many as three in four banks, particularly in Russia and Eastern Europe, were not prepared for cyber attacks in 2018, with hackers succeeding in injecting malware into the IT systems of 30% of all banks.
According to a new report from security firm Group-IB’s Incident Response team, hackers actively exploited cyber-weaknesses in IT infrastructure of a large number of banks and financial organisations, so much so that banks were the targets of about 70% of hacker activity in the entire year.
Hacker groups that target banks and other financial institutions have also become so adept at their art that even though many of them are still using old cashing-out schemes to defraud banks, the amount of money they cashed out in 2018 was much higher than earlier and they took considerably less time to cash out compared to previous years.
The report noted that 70 percent of financial organisations have insufficient or no specialized skills to detect infection traces, unauthorised network activity or hardware or software compromises. At the same time, over 60 percent of banks were unable to carry out a centralized one-time change of all passwords in a short time, thereby resulting in higher risks for banks.
Hackers using compromised banking systems to target other banks
Group-IB’s Incident Response team also observed that hacker groups are now using compromised systems of targeted banks to infect a large number of other banks in order to maximise the reach of their operations. Using this approach, they are taking advantage of the fact that banks always trust emails or other communication coming from official accounts of other banks and are more likely to process requests coming from other banks.
“A bank with compromised infrastructure can not only lose money, but also become a threat to other players in the financial market. A financially motivated hacker group always seeks to maximize the gains: by taking control over a bank’s systems it aims not only to withdraw money from a compromised bank but also to infect as many new victims as possible,” said Valery Baulin, head of Group-IB Digital Forensics Lab.
“For this purpose, hackers use ‘a domino effect’: they send out malicious phishing emails from the compromised infrastructure using the database of the bank’s partner companies. This attack vector is dangerous, first of all, because these emails are sent from a legitimate bank, and the sender is not faked, which increases the probability of opening the malicious attachment.
“Thus, a chain reaction is started, and this can lead to multiple infections of financial institutions. In 2018, we detected the use of this vector both in Russia and Eastern Europe,” he added.
Commenting on Group-IB’s findings, Dean Ferrando, Systems Engineer Manager for EMEA at Tripwire, said that it is worrying to witness phishing campaigns increase in sophistication to the point of using a breach to impersonate an organisation as trusted as a bank to gain access to even more networks and as such, customer data.
“This does pose a wider question about the need for a concerted effort to not only prevent these sorts of attacks but also to educate the public in being more vigilant on who they think they can trust.
“Security has become a collective problem. It is no longer a matter of organisations just protecting themselves and their digital assets, but a matter of not allowing one weak link in a network of organisations to become the enabler of a much larger criminal endeavour,” he added.