Financial Institutions Suffer “Carbanak” Cyber Attack

By Eric Noonan • February 16, 2015

According to the latest Kaspersky Labs report, financial institutions have had approximately $1 billion (£648 million) stolen in the cyber attacks starting in 2013 and are still ongoing. The report identifies a cybercriminal group named “Carbanak” consisting of members from Russia, Ukraine, and China. Carbanak is also suspected as the group behind for the major retail breaches with Bebe Stores, Sheplers, and Staples. Carbanak leveraged well-known vulnerabilities in Microsoft Office in nearly all of their attacks against financial institutions. The average attack was carried out over a period of 2 to 4 months, entailed a 100+ compromised internal systems, and resulted in up to $10 million in stolen financial assets.

 

“Advanced control and fraud detection systems have been used for years by the financial services industry (…) However, these focus on fraudulent transactions within customer accounts. The Carbanak attackers bypassed these protections, by for example, using the industry-wide funds transfer (the SWIFT network), updating balances of account holders and using disbursement mechanisms (the ATM network). In neither of these cases did the attackers exploit a vulnerability within the service. Instead, they studied the victim´s internal procedures and pinpointed who they should impersonate locally in order to process fraudulent transactions through the aforementioned services. It is clear that the attackers were very familiar with financial services software and networks (…)”

The Kaspersky Labs Report

 

The big take away from this report is that spear phishing attacks and old exploits (for which patches have already been released) remain effective against medium to large sized companies. Most businesses are simply not set up to defeat skilled attackers as most their cybersecurity is built around compliance or to put it more simply, to combat auditors and regulators. To sufficiently protect competitive customer advantages and shareholder values, businesses must adapt their approach to cybersecurity to keep pace. In our experience at CyberSheath, businesses that take a sustained approach to cybersecurity also take better advantage of the latest innovative technologies in mobile, social media, and cloud, which help a business maintain its competitive edge and drive growth.

Cybersheath Blog

CMMC Compliance Dashboard: Gain New Visibility into Compliance

CMMC is not a compliance framework. It’s a maturity model. That has big implications for how you approach compliance, but also how you keep track of all the elements that make up compliance. And yet, visibility has been one of the most difficult challenges facing DIB contractors. It used to…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

How to Offboard Your Managed Services Provider

For any of a variety of reasons including lack of communication, slow response times, or prolonged downtime, your organization has decided to change your managed service provider (MSP). Whether you have already signed an agreement with a new MSP or you are actively looking for a replacement, now is the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft