Hackers stole more than 21 million rubles from a Russian bank

    Law enforcement agencies have completed a preliminary investigation into the theft of 21.5 million rubles from a Russian bank. The unnamed financial institution is located in Yakutia. Its infrastructure, including ATMs, was attacked using a Trojan that gave the attackers remote access; they then converted the money into cryptocurrency and moved it abroad.

    What happened

    According to the Ministry of Internal Affairs, in July 2017 two criminals and their accomplices used malicious software to gain remote access to the bank's systems and its ATMs and stole 21.5 million rubles.

    Law enforcement officers detained two unemployed residents of Moscow. They are accused of hacking the bank's network in 2017 with the help of accomplices and installing malicious software on its computers. This allowed them to attack the bank's ATMs and steal tens of millions of rubles from them.

    Statistics on cyber attacks in the financial sector

    Despite such news, statistics show that the security situation in the financial sector is gradually improving. For example, in 2015, Group-IB reported in its study that over the course of a year criminals withdrew nearly 100 million rubles, or 400 thousand per day. At that time, about 70 attacks occurred per day.

    In June 2016, the Security Directorate of the Central Bank of the Russian Federation presented its statistics on attacks against financial institutions. According to these data, more than 20 hacker attacks were carried out against Russian banks in 2015.

    According to the most recent statistics from FinCERT, the Central Bank's division for cybersecurity in the financial sector, targeted attacks on banks brought criminals 76.5 million rubles from January to August 2018. A year earlier, cybercriminals' income amounted to 1.08 billion rubles; the drop came despite an increase in the total number of attacks (22 in 2018 against 20 a year earlier).

    According to FinCERT experts, the damage caused by hackers is falling thanks to successful countermeasures by the security services of financial companies and by law enforcement agencies. For example, one of the leaders of the Cobalt cyber group, which has stolen 1.16 billion rubles from 240 Russian banks, ended up in prison. As a result, the earnings of intruders fell almost 20-fold.

    Do hackers attack the stock market?

    Sometimes criminals do manage to carry out attacks with serious consequences for companies engaged in exchange trading. For example, in 2015 hackers attacked the Kazan-based Energobank using the Corkow Trojan. With it, they seized control of a computer on the bank's network on which a trading terminal was installed. This allowed the criminals to make unauthorized currency purchase and sale transactions on the Moscow Stock Exchange. As a result of these manipulations, the ruble exchange rate fell by 15% in 15 minutes, and the company lost 244 million.

    Attackers also target end users of exchange trading software. According to a study of the security of software for trading on the stock exchange, in 61% of applications an attacker can gain control over the personal account of the trading terminal user, and in 17% of applications the displayed quotes and charts can be altered. In the first case the attacker can perform unauthorized operations; in the second, the attacker can mislead the user into making a wrong investment decision that leads to losses.

    Brokerage hacking statistics are not publicly available. Moreover, when attacking stock exchanges or brokerage companies, hackers can rarely count on immediate earnings. Intruders can use stolen information for dishonest trading, but this is a rather complicated scheme that not every attacker can pull off. Most cyber crooks prefer to follow the path of least resistance.

    Moreover, thanks to the work of the Central Bank of the Russian Federation, security on Russian stock exchanges is well organized. In 2015, it established its own information security center, which actively exchanges information with banks and stock exchanges. In 2016, the Moscow Exchange completely switched to a new information architecture and updated its equipment to minimize losses from technical failures.

    In addition, brokerage companies themselves are working on user security. For example, users of the SMARTx trading terminal from ITI Capital can activate a specialized risk management module. It lets you set limits, such as a certain loss being reached, beyond which the sending of new orders and the opening of new positions is prohibited.

    Ultimately, the difficulty of hacking brokerage systems and withdrawing funds from them makes cyber attacks on stock trading not very profitable for cybercriminals.

    At the same time, the main "vulnerability" of most systems is usually the users, which is why they are attacked most often. For example, while cyber attacks on banks number a couple of dozen per year, cyber attacks on customers run into the thousands: in 2017, Sberbank recorded about 5 thousand attacks on its customers every week.

    To prevent such attacks, users should trade on the stock exchange from a “clean” computer that is not normally used for web surfing. It is also worth using two-factor authentication to log in to your personal account on the broker's site, and never sharing trading account access data with third parties.

    - German Grigoryan, Head of DMA ITI Capital
