
RadarServices Quarterly The security intelligence review on the most important global cyber attack waves.

Highly professional, targeted attacks by hacker groups on major banks at a historic high: the first cyber attack on a central bank to cause losses worth millions

The case

In February, a cyber attack cost the Central Bank of Bangladesh USD 80 million. Authentication data from its internal network was used to carry out a number of transfers from the New York Federal Reserve Bank to accounts in the Philippines.

Evaluation

The attack bears the hallmark of a highly professional hacker group that must have spent a long time in the central bank's network in order to plan and prepare its attack and access the data and internal processes they needed to successfully implement their strategy at the most opportune time. The attack was carried out on a Thursday evening, the start of the weekend in Bangladesh. The time was carefully chosen. Most institutions have very few, if any, staff available at this time who could detect the presence of severe abnormalities and provide an immediate response.

Counter measures & Outlook

Mechanisms for detecting attackers active in the network, such as Security Information and Event Management (SIEM) or Network-based Intrusion Detection (NIDS), must either have been lacking or have failed, or their results were not properly analysed and evaluated by those responsible for IT security.
The carefully planned attack was not the only incident in the banking sector during the past three months. One of the most alarming was revealed in February when the Russian Ministry of Internal Affairs reported the arrest of a 50-strong group of hackers which had been planning a massive attack on the entire Russian banking system and on the international payment system, particularly SWIFT. On balance, the threat of further attacks by hacker groups on the big banks throughout the world in the second quarter of 2016 remains high.

Ransomware attacks on hospitals, public institutions, industrial companies and private users

Cases

Cyber extortion through ransomware has been subject to a lot of hype all over the world. Locky, Cryptolocker, Cryptowall, Teslacrypt and other variants have been used against large hospitals, city councils and industrial companies throughout the quarter. Institutions in Germany, Austria, the United States and Canada were particularly hard hit. Malicious software made its way into the institutions through a variety of channels and began to encrypt all the data on PCs, entire networks and on cloud services linked to the networks, releasing the encrypted data only after ransom payment.

Evaluation

The distribution strategies of the attackers are becoming more sophisticated. For example, they did not target just single institutions. On the weekend of 12 March, a coordinated attack was carried out via infected advertisements on the websites of the New York Times, the BBC, AOL and the NFL, which are visited by millions of people. It resulted in tens of thousands of infections, with many private users affected.
Most of those affected pay the ransom demand, thereby making this type of attack increasingly attractive. "Buying your way out" is not really a good idea, however, as those willing to pay up are generally sought out by the attackers a second and third time.

Counter measures & Outlook

It would be much better if institutions and companies paid greater attention to preventive security measures to protect both themselves and the users of their online portals. Well established, state-of-the-art mechanisms such as Advanced Threat Detection (ATD), Network-based Intrusion Detection and Continuous Vulnerability Assessments (VAS) are either used too infrequently or are simply not being deployed effectively. However, these tools would provide the most effective protection and would best limit the number of successful attacks, which can be expected to increase disproportionately within the next months.

DDoS attacks on online platforms: leading media portals in Sweden and Switzerland's biggest online shops unreachable for hours

Cases

The four largest online shops in Switzerland (Digitec, Galaxus, Interdiscount and Microspot) were offline during the weekend of 12 March. On the following weekend, the online portals of the seven leading Swedish media companies (including Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad) were unavailable for several hours. This was due to coordinated DDoS attacks which forced the websites offline by overwhelming them with floods of queries.

Evaluation

Technically, a DDoS attack is not difficult to carry out, and a large number of these attacks take place all over the world every day. However, when major companies from the same sector are attacked simultaneously on a large scale, this adds a new dimension.

Counter measures & Outlook

DDoS attacks are not managed proactively but rather reactively, with rapid detection and analysis underpinning the deployment of the correct remedial actions. As with the targeted attacks on the banks and the ransomware attacks on a wide variety of industries, the DDoS attackers chose the weekend to strike. This is the time when corporate IT security departments have only a skeleton staff, if indeed they have any staff at all. As a result, the attackers are able to cause a more extended and more serious outage of the online platforms.

Based on the general trend towards attacks occurring at off-peak times, we advise large businesses (from around 5,000 employees as a reference value) to consider introducing a 24/7 IT security operation either internally or via an external service provider. This preventative measure significantly mitigates the damage caused by targeted attacks, which will doubtless continue to increase in the future. Such an investment is therefore money well spent.
