Financial Institutions Suffer “Carbanak” Cyber Attack

By Eric Noonan • February 16, 2015

According to the latest Kaspersky Labs report, financial institutions have had approximately $1 billion (£648 million) stolen in the cyber attacks starting in 2013 and are still ongoing. The report identifies a cybercriminal group named “Carbanak” consisting of members from Russia, Ukraine, and China. Carbanak is also suspected as the group behind for the major retail breaches with Bebe Stores, Sheplers, and Staples. Carbanak leveraged well-known vulnerabilities in Microsoft Office in nearly all of their attacks against financial institutions. The average attack was carried out over a period of 2 to 4 months, entailed a 100+ compromised internal systems, and resulted in up to $10 million in stolen financial assets.

 

“Advanced control and fraud detection systems have been used for years by the financial services industry (…) However, these focus on fraudulent transactions within customer accounts. The Carbanak attackers bypassed these protections, by for example, using the industry-wide funds transfer (the SWIFT network), updating balances of account holders and using disbursement mechanisms (the ATM network). In neither of these cases did the attackers exploit a vulnerability within the service. Instead, they studied the victim´s internal procedures and pinpointed who they should impersonate locally in order to process fraudulent transactions through the aforementioned services. It is clear that the attackers were very familiar with financial services software and networks (…)”

The Kaspersky Labs Report

 

The big take away from this report is that spear phishing attacks and old exploits (for which patches have already been released) remain effective against medium to large sized companies. Most businesses are simply not set up to defeat skilled attackers as most their cybersecurity is built around compliance or to put it more simply, to combat auditors and regulators. To sufficiently protect competitive customer advantages and shareholder values, businesses must adapt their approach to cybersecurity to keep pace. In our experience at CyberSheath, businesses that take a sustained approach to cybersecurity also take better advantage of the latest innovative technologies in mobile, social media, and cloud, which help a business maintain its competitive edge and drive growth.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO