News

In 2018, hackers carried out 687 cyberattacks on Russian banks and stole 1.4 billion rubles from cards

Russian banks have received statistics on financial fraud for 2018 along with recommendations for protection against cyber threats. The report was published by FinCERT, the Bank of Russia's Center for Monitoring and Response to Computer Attacks.

According to the study, 177 of the 687 hacker attacks on banks recorded in 2018 were aimed at financial gain. About one third of all distributed malware is aimed at embezzling funds.

Two hacker groups caused the greatest damage to financial institutions: Cobalt (also known as Carbanak and FIN7) and Silence, with 44 million rubles and 14.4 million rubles respectively. For comparison, in 2017 the damage from attacks using the Cobalt Strike toolkit exceeded 1 billion rubles.

At the same time, the number of attacks on banking clients increased by a quarter. In 2018, fraudsters conducted 417,000 illegal card transactions. The resulting damage amounted to 1.4 billion rubles.

To counter the most common attacks, the Central Bank has prepared instructions for customers and employees of financial institutions.

Banking clients are advised to be cautious when speaking by phone with callers claiming to be employees of a bank or its security service. Fraudsters use social engineering methods in 80% of cases of embezzlement of funds; in 2018 at least 3,000 such attacks took place every month.

The human factor also remains the main vulnerability of banks. FinCERT advises against storing passwords in text files on workstations and recommends carefully checking incoming email for phishing.

Additional risks for banks, according to researchers, are also created by the use of corporate blockchain systems.

“The components of these systems, the connection between them and other financial institution systems open up new opportunities for infrastructure penetration. Safety assessment of pilot implementations of blockchain technology in banking projects showed that 71% of cases contained vulnerabilities in smart contracts, half of the projects had vulnerabilities in applications used to access data stored in the blockchain. This is due, among other things, to the fact that the practice of safe development has not yet been developed, and security requirements for the introduction of such systems have yet to be formed,” the report says.

The consequences of such attacks may include unauthorized entry of data into the registry, attacks on users through the blockchain, complete blocking of the system’s operation, and intrusion into the organization’s network using specially prepared blockchain transactions as a transport for attacks on related systems. Hypothetically, this could give an attacker complete control over the organization’s critical resources.

In view of the above, the heads of credit and financial organizations should require their IT departments to update antivirus software promptly, maintain detailed logs of user activity and enforce a high-quality password policy. The number of local administrators should be as limited as possible, and they should not work with remote administration tools. It would also be worthwhile to conduct “cyber attack” exercises and security training with staff and customers.

Recall that in August 2017 FinCERT released a list of security measures to counteract encryption viruses.
