Search This Blog

Showing posts with label Bank Cyber Security. Show all posts

Russian hackers switched from Russian banks to foreign ones


Two of the most dangerous Russian-language hacker groups over the past year have almost stopped attacking Russian banks and concentrated on foreign banks. Damage from targeted attacks on credit institutions fell by 14 times.

"Until 2018, Russian-speaking groups often attacked banks in Russia and the CIS, but over the past year, this trend has changed. Now the attackers focus mainly on foreign banks and organizations," said experts.

"New hacker groups often start working in their region: this was the case with Cobalt, with Silence in Russia, this is happening now with SilentCards in Africa. Home regions are a testing ground for them. Having worked out the techniques, they move on. For example, the same Russian-speaking groups focused on goals in Asia, Africa, Europe and America," added the representative of Group-IB.

Recall that in the world, according to Group-IB, there are five major hacker groups that hack financial institutions, three of them Cobalt, Silence and MoneyTaker are Russian-speaking.

A representative of Kaspersky Lab confirmed the statement about this trend. He noted that the attackers switched to the countries of Eastern Europe and the CIS, which are less protected.

"But a new generation of hackers will soon grow up who will again attack banks in their homeland," predicts the representative of Group-IB.

Experts have already recorded an increase in the number of Russian-speaking young people who are still engaged in "harmless attacks".

In addition, cyber experts Group-IB identified the most frightening trend of 2019. This is the use of cyberweapons in open military operations. According to the representative of the company, interstate conflicts have now acquired new features and cyber activity has begun to play a key role in this confrontation. Thus, experts found many previously unknown groups sponsored by states.

However, the activities of such hackers can go unnoticed for years. And their actions can destabilize the situation in the states, as well as cause social and economic damage.

Mumbai Techie Loses Rs 3 Lakh, Card Info Used 56 Times Abroad



A few days before Diwali, a Mumbai based engineer on a maternity leave to look after her new-born woke up to a shocking discovery from her bank as she was informed that she has fallen prey to a debit card fraud. While she was asleep, her debit card was used online to carry out 56 transactions, resulting in a loss of Rs 3.3 lakh, reported Times of India.

Around 2:30 am an automated phone call from the bank in which she has a savings account, alerted her about transactions carried out on her debit card and told her to reach out to customer care if the transactions had not been made by her. Upon receiving her response, customer care got her card blocked immediately and she also lodged a complaint with the Kanjumarg police, however, there are no remarkable leads on the case yet.

The unfortunate incident happened just a few days before Diwali and ruined the Diwali plans for the Mumbai techie's family. Notably, the transactions were made internationally and the owner did not receive any text or call requesting a one-time password (OTP). According to the statements given by the victim and her husband, they had never used the particular debit card internationally before. They had used it lately on domestic websites while shopping for baby products.

What experts have to say about the fraud? 


While commenting on the matter, cybersecurity expert, Vicky Shah said, "There could be various reasons how this happened. One of the possibilities is that the card could have been cloned. When a card is used internationally, an OTP is not required. Another possibility is that the card details were compromised. There were recent reports about details of 1.3 million cards being leaked. It’s a matter under police investigation." He also pointed out the RBI norms, which bound the bank to reverse the lost amount back into the victim's bank account within a time frame of 10 days as the transaction was carried out internationally.

Meanwhile, the victim's husband tweeted, "Bank representatives should have noticed that something was wrong when dozens of transactions were made so early in the morning. They should have called us before approving the transactions."

The Central Bank will strengthen control over IT-security of credit institutions


In Russia, hackers may be involved in measures to strengthen control over the stability of credit institutions to cyber attacks. IT-auditors may be obliged in a test mode to crack the security systems of Russian banks with the involvement of white hackers.

Artem Sychev, Deputy head of the information security department of the Central Bank, said that the regulator, together with the FSB and the Federal Service for Technical and Export Control, is currently developing standards to assess the quality of work of independent companies that verify the reliability of bank infrastructure.

The representative of the Central Bank refused to clarify any details, however, sources say that one of the main standards for IT auditors will be a "full simulation of cyber attacks" with the participation of specialists with the same skills as potential hackers.

It is assumed that during such tests, specialists will reproduce the actions of real attackers, from penetration into the company's network to gain full control over its infrastructure or individual applications.

The head of the information security department of the Moscow Credit Bank Vyacheslav Kasimov agreed that the only way to qualitatively assess the security of the Bank's IT system can only be a complete simulation of a hacker attack.

Banks often make checks of their stability not for themselves, but for the regulator, so it has the right to set its own rules for conducting IT-audit, said Viktor Dostov, head of the Electronic Money Association.

According to Dostov, additional control will strengthen the protection of Russian money in the conditions of regular leakage of information from credit organizations.

Earlier E Hacking News reported that the Central Bank has a new punishment for banks for poor cyber defense. It will launch a new feature for credit institutions, it will be the risk profile on the level of information security. Depending on the risk profile on the level of cyber security, the Central Bank will give recommendations to banks. A financial institution that receives a low-risk profile will have consequences ranging from enhanced supervision to penalties.

Customers of Private Sector Banks Facing Problems in Net and Mobile Banking




Customers of several private sectors and well-known banks complained regarding encountering many issues in net and mobile banking in the course of the last few days, those of HDFC Bank, Kotak Mahindra Bank, and YES Bank are comprehended to have been most influenced by these 'outages'.

The issue, which made its appearance on the 1st of October, is by all accounts has been halfway settled, however numerous customers kept on facing certain issues while signing in to their accounts through the Internet and other apps.

While bank executives note that a mix of the festive season and the beginning of the month when salaries are credited just as some IT issue may have been the other reasons to have expanded the heap on servers. Following the restrictions at Punjab and Maharashtra Cooperative Bank, withdrawals had additionally increased after frenzy among certain depositors.

While the HDFC Bank, which is in the middle of a 'festive sale', appears to have briefly withdrawn an extra security feature for logging into net banking. Kotak Mahindra Bank's net banking page shows this message: “Due to high volume, you may experience some delay while accessing Net Banking. We will fix this soon. We regret any inconvenience caused.”

And at the same time, HDFC Bank spokesperson states that “Transactions through both net banking and mobile (app) banking have been very slow at times over the last couple of days, but they are going through. Though there isn’t nothing to be unduly worried about, we regret the inconvenience caused (to our customers)."

Nevertheless, the banks have guaranteed that they're making a decent attempt to resolve the issue and will ensure that the operations mentioned become, to a great extent, standardized at the earliest opportunity.

The Central Bank of Russia will fine banks for weak cyber defense


On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense.  By the end of the year, the Central Bank will launch a new feature for credit institutions, it will be the risk profile on the level of information security.

This indicator, according to Artem Sychev, the first Deputy Director of the Information Security Department of the Bank of Russia, will show the likelihood of problems for the Bank due to non-compliance with cybersecurity standards.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack. In addition, the risk profile will be taken into account in assessing the economic situation of the bank along with the amount of capital, profitability, liquidity, quality of management, etc.

Depending on the risk profile on the level of cyber security, the Central Bank will give recommendations to banks.

The calculation of the risk profile will allow us to evaluate how the bank’s management responds to emerging cyber threats, the Central Bank added.

A financial institution that receives a low-risk profile will have consequences ranging from enhanced supervision to penalties. Moreover, this will affect the loan terms at the interbank market.

Sychev stressed that the Bank of Russia sees a connection between the way the Bank relates to information security issues and its financial stability.

Nobody before in the Russian Federation or in other countries has determined such indicators that help the regulator (the Central Bank) to form an opinion about the situation, whether it achieves the goals of the regulation or not from the point of view of information security,” Sychev explained.

It is worth noting that on September 12, the Bank of Russia recorded a “rather serious” cyber attack on Russian banks from Brazil, said Artem Sychev.

According to him, it was a BIN-attack, in which bank card numbers are generated using a special program.

Sychev noted that the direct interaction of each of the attacked banks separately with the representative of Brazil did not give results. The attacks stopped only after the interaction of the Central Bank with the Brazilian regulator.

Sberbank helped one of the largest US banks to prevent a cyber attack


In July, Sberbank helped one of the largest US banks to prevent a cyberattack and avoid damage of several million dollars. Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov announced this at the Eastern Economic Forum.

"At the end of July, our cyber defence center recorded an attack on one of the largest American banks. We informed the Bank, informed the relevant departments of payment systems to prevent the withdrawal of funds. At least several million dollars were saved," he said.

At the same time, Kuznetsov refused to tell which Bank was exposed to attack.

Kuznetsov shared the details of the cyberattack scheme. According to him, the fraudsters managed to hack one of the acquiring terminals and conduct a large number of operations. In the United States, PIN verification of transactions up to $130 is not required. As a result, at one moment the resources of several banks were attacked through a large number of operations.

At the same time, he stressed that this is a clear example of the fact that credit institutions should detect such attacks in an automated mode and not allow any actions directed against customers of both Russian and foreign organizations.

In addition, Stanislav Kuznetsov said at the Forum that Sberbank recorded about 2 thousand attacks on its systems in the first half of the year and prevented possible damage from them in the amount of at least 25 billion rubles.

According to him, the Bank noted the growth of social engineering."This is a trend to collect data about a person and corporations, and the second trend - we see that scammers focus on those companies that are poorly protected, and this is small and medium-sized businesses," he noted.

At the end of his speech, Kuznetsov said that North Korea's attacks on Russian banks are a myth, the threat to Russian resources comes "from another direction".

It is worth noting that this is the Fifth Eastern Economic Forum, held in Vladivostok on September 4-6.