Statistics of the Central Bank: hackers' earnings from cyber attacks on financial institutions in 2018 fell almost 14 times
Image: Christiaan Colen | CC BY-SA 2.0 A
division of the Bank of Russia called FinCert, which deals with issues of cybersecurity in the financial sector, presented a new report on the state of affairs in the industry. According to statistics published by Vedomosti, hackers find it increasingly difficult to successfully attack financial institutions. The decrease in profits forces attackers to switch to clients and users of financial companies.
Earnings hackers reduced
According to the report, from January to August 2018 targeted attacks brought them 76.5 million rubles. A year earlier, cybercriminals' income amounted to 1.08 billion rubles, and this despite the increase in the total number of attacks (22 in 2018 against 20 last year).
According to the experts of FinCERT, the damage from hackers is reduced due to the successful counteraction to their work by the security services of financial companies and law enforcement agencies.
For example, in March of this year, one of the leaders of the hacker group Cobalt was detained, which carried out large-scale and successful attacks on financial institutions, including those related to the kidnapping of money from ATMs. In February 2018, the Central Bank reported that for the whole 2017, hackers from the Cobalt group stole 1.16 billion rubles from 240 Russian banks.
The focus of the attackers is shifting from the banks to their corporate clients.
Despite the fact that attackers still manage to carry out successful attacks on banks, it becomes increasingly difficult to do so. Most criminals manage to penetrate the network of a financial company using phishing (some employees still open suspicious emails) or hacking out-of-date versions of software. However, banks are working on installing updates and staff training.
At the same time, the level of information security of corporate clients of banks is usually at a much lower level. Therefore, it is often easier to attack them - so the focus of interest of hackers is shifted to small and medium-sized businesses. Changes in legislation also contribute to this - for quite some time now, large organizations belong to the “critical infrastructure”, which toughens punishment for cyber attacks on them.
Attacks in the field of stock trading and how to protect them
The attention of cybercriminals attracts not only banks and their clients, but also the sphere of stock trading. They crack money transfer platforms, try to penetrate the infrastructure of banks and exchanges , steal trading algorithms of hedge funds and attack end users of financial systems.
Sometimes they succeed in attacking with serious consequences. For example, in 2015, hackers attacked Kazan Energobank with Trojan Corcow. With his help, they managed to seize control of the computer in the network of the bank on which the trading terminal was installed. This allowed criminals to make unauthorized operations on the purchase and sale of currency on the Moscow Stock Exchange. As a result of manipulations, in 15 minutes the ruble exchange rate fell by 15%, and the company lost 244 million.
They also attack end users of software for exchange trading. So recently, Russian researchers have publishedthe results of their research security software for trading on the exchange. It turned out that in 61% of applications, an attacker could gain control over the personal account of the user of the trading terminal, and in 17% of applications it is possible to change the displayed quotes and charts. In the first case, the hacker can perform unauthorized operations, and in the second, mislead the user and force him to take the wrong investment decision, leading to losses.
To prevent such attacks, users should use a “clean” computer for trading on the stock exchange, which is not normally used for web surfing. It is also worth using two-factor authentication for login to your personal account on the broker's website.
In addition, the brokerage companies themselves are working on user security. For example, users of the SMARTx trading terminal from ITI Capital can activate a specialized risk management module. It allows you to set restrictions for violation of which - for example, a certain loss is achieved - the sending of new orders and the opening of new positions is prohibited.
In addition, you can use the SMARTcom API to verify the data displayed in the trading terminal - the service allows you to develop your own trading applications, program robots, and use partner applications. Before making large transactions, the trader will be able to verify the data in the terminal and third-party software to minimize the risk of error.