Cybercriminals becoming ‘fearless’ in hitting ‘big fishes’
Participants of the 2016 Security Analysts Summit organized by Kaspersky share their latest findings on cybercriminal groups, including the Carbanak group that stole nearly $1 billion from around 100 financial institutions. MATIKAS SANTOS/INQUIRER.net
As the world becomes more and more connected to the Internet through computers, cybercriminals are looking for ways to exploit people and companies are becoming more ‘fearless’ in hitting the ‘big fishes,’ according to cybersecurity experts.
“On a global scale, what is happening right now is most of the attackers are fearless, and they are going for targets that they never did in the past,” Vicente Diaz, Kaspersky Lab principal security researcher told INQUIRER.net in an interview during the 2016 Security Analysts Summit held in Tenerife, Spain.
“We have seen the first attacks happening against big institutions, directly hacking them and stealing their money from their internal networks,” he added.
Various banks around the world have recently fallen victim to cybercriminals who carried out digital bank robberies by hacking into their computer network.
In Bangladesh, around $900 million were reportedly stolen from the Bangladesh Central Bank by hackers allegedly based in China.
BACKSTORY: Philippines blocks $870M stolen from Bangladesh by cybercriminals
Kaspersky’s 2015 security bulletin recorded nearly 2 million attempts to infect computers with malicious software “that aimed to steal money via online access to bank accounts.”
Among the most notorious cybercriminal groups who have hacked and robbed banks is known as “Carbanak” which has stolen nearly $1 billion from around 100 financial institutions.
Carbanak infected computer systems of banks by sending malicious software (or “malware”) as attachments in the emails of bank employees. The malware is disguised as a typical document such as a .doc file and the email message is crafted to look like a normal email from someone the employee knows. The malware is designed for “espionage, data exfiltration, and remote control.”
After a bank’s’ system was infected, Carbanak could manipulate the data such as accounts in the bank. Automated teller machines (ATMs) were also manipulated remotely to dispense cash while members of the group waited to collect their loot.
Kaspersky, which is based in Moscow, Russia, has tracked the presence of Carbanak mostly in Eastern Europe. However, some financial institutions in United Statses, Germany and China have also been reportedly victimized.
READ: Depositors at risk from bank hackers, experts warn
They warned that Carbanak, which has launched “by far the most successful criminal cyber campaign we have ever seen,” has expanded its operations in Malaysia, Nepal, Kuwait and several regions in Africa.
Statistics from Kaspersky Labs show the rise in number of malicious software hitting financial institutions. Photo from Kaspersky Lab 2015 Security Bulletin
“The problem is that, all these [cybercriminals] first attacked the users and now they are going for the big fishes. Now they are going for the big companies,” Diaz said.
“As the complexities grow in all these companies, like having a lot of employees with a lot of people working in different offices [and using] a lot of different operating systems [as well as] bring your own device policies, all this is adding complexity and is giving more opportunity for the attackers,” he added.
Countering cybercriminals
To protect their assets against cybercriminals, John Lambert, General Manager of Microsoft Threat Intelligence Center, recommends that companies hire capable cybersecurity analysts in addition to improving their computer security software.
“Its important for every organization, every company to begin to further their progression on cyberdefense. That’s not just protecting their network from the minimum bar of hygiene and compliance but also on understanding who might be attacking them by hiring good analysts,” Lambert said.
An infographic released by Kaspersky Lab in 2015 details the process used by the Carbanak cybercriminal group to steal almost $1 billion from around 100 financial institutions. Photo from Kaspersky Lab.
“One of the things I say is the best security resource that most companies have is not some special black box, appliance gear or a firewall, its their analyst team. Because its their judgment about what’s going on, they’re gonna know their network better than anyone else,” he said.
READ: Banks told to strengthen cybersecurity measures
Lambert also urged security analysts to connect with each other so they can collaborate and share information which will strengthen the defenses of the security community as a whole.
“The problem is that, all these [cybercriminals] first attacked the users and now they are going for the big fishes. Now they are going for the big companies.”
The said summit, which was organized by Kaspersky, was attended by around 200 participants from the cybersecurity community. Speakers shared their findings on the latest cybercriminal groups and other threats they are currently monitoring.
“One thing I think is important is for researchers and analysts to get to know each other. Threat information is often exchanged over trust relationships so those trust relationships are person to person. It’s not that two companies trust each other it’s that people trust each other,” Lambert said.
“And so one important thing to come here is to meet other analysts, people at other companies and build the relationships that help to protect users as you work together,” he added. RAM
RELATED STORIES:
Microsoft, PNP to strengthen Philippine cybersecurity
Techies most vulnerable to cybercrime
