Friday, 29th March 2024
To guardian.ng
Search

Global cyber bank robbery hits $1 billion

By EDITOR
16 February 2015   |   6:15 pm
EXCEPT ugent and concerted efforts are employed worldwide, the increasing menace of cyber crimes may continue to have huge negative impact on the global economy.   Already, up to 100 banks and financial institutions worldwide are said to have been attacked in an “unprecedented cyber robbery.”   A report from Computer security firm, Kaspersky Lab…

EXCEPT ugent and concerted efforts are employed worldwide, the increasing menace of cyber crimes may continue to have huge negative impact on the global economy.

  Already, up to 100 banks and financial institutions worldwide are said to have been attacked in an “unprecedented cyber robbery.”

  A report from Computer security firm, Kaspersky Lab estimated that $1billion (£648 million) has been stolen in the attacks, which it said started in 2013 and are still active.

  A cybercriminal gang with members from Russia, Ukraine and China is responsible, it said.

  Kaspersky said it worked with Interpol and Europol on the investigation.

  It said the attacks had taken place in 30 countries including financial firms in Russia, US, Germany, China, Ukraine and Canada.

  “These attacks again underline the fact that criminals will exploit any vulnerability in any system,” said Sanjay Virmani, director of Interpol’s digital crime centre.

  Kaspersky said the gang’s methods marked a new stage in cyber robbery where “malicious users steal money directly from banks and avoid targeting end users”.

  The gang, which Kaspersky dubbed Carbanak, used computer viruses to infect company networks with malware including video surveillance, enabling it to see and record everything that happened on staff’s screens.

  In some cases it was then able to transfer money from the banks’ accounts to their own, or even able to tell cash machines to dispense cash at a pre-determined time of day.

  Kaspersky said on average each bank robbery took between two and four months, with up to $10m stolen each time.

  “It was a very slick and professional cyber robbery,” said Kaspersky Lab’s principal security researcher, Sergey Golovanov.

  The Financial Services Information Sharing and Analysis Center, a body that alerts banks about hacking activity, said that its members had received a briefing about Kaspersky’s report in January.

   “We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimise any effects on their customers,’’ it said in a statement.

     Already, the Bank of England said it has stepped up its efforts to protect the UK’s financial institutions from cybercrime with a new testing framework to spot vulnerabilities.

   The Bank said hacking represents a growing risk for the financial sector.

   The new tests will combine government intelligence about existing cyber-threats with those that the security industry assesses to be risks.

    It is expected that the voluntary tests will be widely adopted.

   The new cybersecurity strategy, known as CBEST, is the first of its kind for the financial services sector and tests will begin this summer.

 “The results should provide a direct readout on a firm’s capability to withstand cyber-attacks,” said Andrew Gracie, the Bank of England’s executive director of resolution.

  James Chappell is chief technology officer at Digital Shadows, one of the security firms taking part in the tests. He explained how they would differ from previous vulnerability testing:

  “Previous tests were carried out by a geeky guy who tried various technical ways to get into a system and then presented a report to the bank.

   “These tests will mimic the behaviour of the bad guy, whether that be a hacktivist, organised crime or a nation state, it will emulate the same techniques they would use.”

   In a speech to the British Bankers’ Association cyber-conference in London launching the new framework, Mr Gracie warned that banks needed to be better prepared to counter cyber-attacks.

   “Cyber presents new challenges. Unlike other causes of operational disruption like fires and floods, we know there are agents out there – criminal, terrorist organisations or state sponsored actors, that have the will, if not necessarily the means, to attack the system.”

   “Low-level attacks are now not isolated events but continuous. It is clear that the risk is on the rise and a growing cause of concern to industry and authorities alike.”

    According to the Bank of England’s Systemic Risk survey, during 2013 there was a 10 per cent increase in concerns about cyber-attacks among banks.

   In December, the Royal Bank of Scotland admitted its platform was briefly attacked by hackers while one unidentified London-listed company incurred losses of £800m in a cyber-attack a few years ago.

 

0 Comments