Summary: How the Carbanak hacker’s group stole a billion dollars without getting caught and what we
learn from it.
The financial world and the security industry have been rocked by the recent report from Kaspersky about the cyber-criminals that have stolen more than $1 Billion from global banks through cyber-attacks. The initial reports link the attacks to a multinational criminal group, and highlight the use of sophisticated malware, dubbed Carbanak.
Questions were raised in late 2013 when an ATM in Kiev, Ukraine, began dispensing money at random times, when no one had put in a card or touched a button. Security cameras show that money would be picked up by customers who appeared to be in the right place at the right time. But when Kaspersky Lab was called in to investigate, it was revealed that the ATM was part of a much-larger banking breach.
The attackers used simple techniques like phishing to trick employees into infecting their endpoints with malware. Once installed, the attackers went after the administrators in order to gain access to the machines on which financial administrators operated. After gaining access to bank's computers through phishing schemes and other methods, they lurk for months to learn the bank's systems, taking screen shots and even video of employees using their computers. This unusual method of hacking which rather than targeting customers for money, targeted the banks as a whole, has caused a massive stir in the banking industry.
The hackers have been active since at least the end of 2013 and infiltrated more than 100 banks in 30 countries, according to Russian security company Kaspersky Lab. The recent revelations of hundreds of millions of dollars in cybercrime targeting the financial industry, shows that criminal enterprises are alive and well, and continue to cultivate new cyber capabilities.
Protecting one’s organization from such attacks requires us to understand what the insider threat really is and how to protect one’s organization from it. From Carbanak and Anunak attacks, we believe that unprotected privileged accounts are one of the main concerns of all modern day IT security experts. One in 3 cyber breaches are caused because of unprotected and unrestricted access. We at Arcon believe that by implementing the necessary tools and infrastructure, we can manage, continuously monitor and track privileged account activities. Along with the analytics and intelligence to identify anomalous activity, organizations can protect themselves and enable a quick detection and response, making it possible to mitigate potential damage early in the attack cycle.
ARCON is a leading technology company specializing in risk control solutions. ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms. ARCON in the last one decade has been at the forefront of innovations in risk control solutions, with its roots strongly entranced in identifying business risk across industries it is in a unique position to react with innovative solutions/products.
Learn more about us at arconnet.com