Most often the cyber fraudsters use a primitive sending phishing emails to employees of bankofameri began to attack Russian banks through the interbank communication system SWIFT. This “Izvestia” said a source close to the Central Bank. Information was confirmed by representatives of the companies specializing in cybersecurity. According to the source “Izvestia”, the cyber fraudsters had withdrawn from the affected banks about €2 million. Experts believe that this is just a trial balloon. Further damage from the theft of money via SWIFT is going to grow.
Technically the scheme of cyber attacks on system Society for Worldwide Interbank Financial Telecommunications (SWIFT) at its core no different from the attack on the correspondent accounts of the banks. Scammers start malicious software for hacking information systems of the credit institution (in this case SWIFT). Most of all — by sending phishing emails. Enough to one employee opened an infected e-mail, and hackers, the road is open.
After that comes the capture of the information infrastructure of the Bank — in fact, attackers are beginning to manage the network, it becomes available information about all the Bank’s operations, the frequency and volume of transactions, the balance on correspondent account. Hackers were in the network of the Bank a week or two. Then preparing the team for the withdrawal (cashing) of stolen funds are generated fake documents to write off funds from correspondent accounts, assure legal signatures of responsible persons of the Bank. Payment orders are sent to the payment system for which payment is a legal document, so it is obliged to fulfill in accordance with the contract and law.
— According to the logic of SWIFT is the next target of hackers in Russia, — says the CEO of Digital Security Ilya medvedovskiy. — As well as in his time happened with CBD arm (automated work place of the client of the Bank of Russia), SWIFT today after attacks on Western banks clearly ceased to be for intruders, “black box”. Technology attacks on SWIFT is already quite established, and therefore, it is likely that Russian cyber criminals will be able to benefit from Western experience.
According to the head of security of banking systems Positive Technologies Timur Yunusov, the first step to protect from hackers — awareness of Bank employees in the area threats of attacks on the internal network.
And the easiest way of the initial inspection that level — test agreed with the Bank phishing mailings and emulation (exact execution of a computer program or part thereof recorded in the system commands on another computer) hacking attacks — says Timur Yunusov. — Our experience in conducting such “audits” shows that in most banks, the level of awareness of staff in General is low. While it is sufficient that only one employee has opened this malicious email.
Representative Positive Technologies emphasizes that the task of the hacker is not limited to the infection of one workplace: we need to raise their privileges in the network to penetrate to the protected segment that processes the payment order and sending requests in the system the Bank of Russia and SWIFT.
According to the forecasts of the representative Positive Technologies, cyber attacks on Russian banks via SWIFT in 2016-2017 will be more.”
— We are talking about billions of rubles and tens of successful attacks, — said Timur Yunusov. — It is logical that the hackers in the first place begin to repeat the successful “pilot project”, so in the first place is to draw the attention of the banks connected to the SWIFT system.
The Chairman of Loko-Bank Andrey lyushin confirms that “we are talking about billions of dollars of risks, as potential losses of the Bank in the event of a successful attack is limited only by the balance on its correspondent account”.
According to the forecasts of the Central Bank, the volume of cibercasino given the attacks on correspondent accounts of banks by the end of 2016 will be about 4 billion rubles. According to experts, given the attacks on credit institutions using SWIFT, this figure will be surpassed.
Timur Yunusov draws attention to an important caveat: the very SWIFT and its protocols no one has yet broken.
Clearly, the hackers in the above cases entered into the Bank’s network and, having received full rights on the computer where you installed the client system learned to substitute for the operator information about the transactions, — the interlocutor explained. — Update the client software, to help deal with the substitution of such data, was released immediately. Similarly, changing its requirements and the client ON the Bank of Russia, trying to help credit institutions better able to cope with the attacks. But the primary responsibility for its assets rests on the banks themselves.
In SWIFT and “Provision” have not provided online comment to the query of “Izvestia”. Connected to SWIFT 9 thousand banks from 209 countries of the world. According to “Izvestia”, the Russian banks deduct the servers and salaries 2 thousand employees of the Central office in Brussels for €40-150 thousand a year. Earlier hacker attacks through the SWIFT system was subjected to the Central Bank of Bangladesh (the damage amounted to $81 million), Ecuador Banco del Austro ($9 million) and the Ukrainian Bank, whose name is not disclosed ($10 million).
