Hackers have stolen more than 1 billion rubles from banks in half a year

During the six months cyber fraudsters carried out 21 attacks on bank payment systems, stealing more than 1 billion rubles. The most common way to steal money is to use viruses, sibling sites and SMS mailings.
20.07.2016
RBC
Origin source
Viruses mail

From October 2015 to March 2016 the Central Bank recorded a 21 cyber attacks on payment systems of banks, it should be posted on the website of the Central Bank Information Center monitoring and responding to computer attacks in the credit and financial sphere (FinCERT). Fraudsters attempted to steal from the accounts of banks 2.87 billion rubles., The Central Bank and banks failed to prevent theft in the amount of 1.6 billion rubles.

According to Central Bank data, the most common scheme of fraud is a mass mailing e-mail messages with the virus. Trojan.Downloader type viruses can be installed without the user to encrypt data for their "unlocking" program requires payment of malware onto computers, other, for example, could allow attackers.

Attackers send letters to banks on behalf of the Central Bank. After the bank employee opened it in his mail contained therein malicious software to scan the internal computer network and downloads the special programs that allow access to the software equipment of the bank. This allowed the fraudsters to obtain dosy data bank and to conduct unauthorized transactions, including the withdrawal of funds banks correspondent accounts with the Central Bank.

The report FinCERT notes that the majority of successful attacks on banks was due to the human factor: improvident staff opened the letter that came with suspicious addresses. "At the same time employees deliberately avoided the protection mechanisms, advising disabling add-ons. This allows an attacker to download the bank's system of malicious software, "- says the regulator.

Also, in six months the Bank of Russia has revealed 25 of DDoS-attacks. The essence of these operations is that the attacker blocks the banking service or site, making it impossible to service customers. As the regulator, it may occur as a result of competition or for political reasons. The most ambitious was a group attack Armada Collective, which the participants before the start of the attack sent a letter of ransom to prevent or stop DDoS-attacks. Total earned fraudsters using extortion of about $ 100 thousand.

The attack on ATMs and terminals
To give money to people, fraudsters often use doubles sites offering through them to pay utility bills, traffic fines, to issue the credit and so on. According to the CBA, the work of about 120 of these phishing sites has been blocked for a year. Monthly FinCERT identifies and initiates the closing of about 25-30 of these online portals.

Another common method of fraud, said the Central Bank is SMS-mailing on behalf of the Central Bank and banks (especially popular mailing using numbers 8-800). Con artists are asked to the customer's bank, call the number indicated, called personal data, provide the address, bank card number, PIN-code, CVV-code. "This information is used by them for taking money from citizens or sold to other criminals" - warns regulator.

In the second half of 2015 and the first half of 2016 also recorded a growing FinCERT intruders interest in self-service devices, such as ATMs and POS-terminals. According to the regulator, over the past eight months, criminals have stolen through these devices are about 100 million rubles. FinCERT notes that in recent yearsSales were modified POS-terminals that have additional functionality, such as the preservation of the card data and the ability to remotely download data stored on the POS-terminal.

"Schemes of cash theft are becoming more sophisticated. Scammers quickly improve their methods and technologies used by them are modified, "- says Deputy Chief of Security and Information Protection of the Bank of Russia Artem Sychev. One is still rare in the banking market scams are so-called Reversal-attack. Fraudsters use the software to send false messages to the banks on the abolition of the payment transaction. According to the Central Bank, "in most cases, processing centers do not check the authenticity of such request", and return the sum goes attacker who cashes it at the ATM.

During the reporting period FinCERT found only one such attack.

Sychev reminded that recently the Ministry of Finance in cooperation with the Central Bank has initiated amendments to the banking and federal legislation toorye, in particular, will allow banks to suspend suspicious transactions. In addition, the regulator proposes to suspend payments when there is suspicion that the sending bank has been attacked by hackers.

Who suffered from hackers

One of the latest scams attack undergone Sberbank. In mid-July, the state bank said that prevented the theft of 8 billion rubles. from its customers. The bank representative said, fraudulent transactions were carried out through the transfer of information provided by customers about their accounts after talking over the phone or through SMS messages.

In late February, another victim of hacker attacks became Metallinvestbank. It is reported that hackers had tried to withdraw from the bank correspondent accounts in the Central Bank about 667 million rubles. Part of the funds the bank managed to return, he estimated their losses at 200 million rubles. "As a result of actions taken by the Bank for writing off part of the funds to its correspondent account has been avoided, part of the money was returned to the banks to get funds," - said the bank in March 2016.

In early June, the Interior Ministry reported that from mid-2015 to May 2016, hackers stole cellstomers Russian banks more than 3 billion rubles. As reported by "RIA Novosti", the police were able to prevent any damage in excess of 2.273 billion rubles.

Also in June 2016 the FSB announced the arrest of a group of 50 hackers who stole more than 1.7 billion rubles. from financial institutions using virus software. During the operational activities of law enforcement officers blocked the fake money orders in the amount of 2.273 billion rubles. The investigative actions were carried out in 15 regions of Russia, all was made 86 searches.

Bankers say the growing number of cyber crimes and an increase in information security costs. According to the deputy chairman of Sberbank of Stanislav Kuznetsov, the number of incidents in the field of information security has grown 12-fold over the past two years.

In 2015, the country's largest bank has spent on the information security of around 1.5 billion rubles., Which is less than 1% of its net profit under IFRS. However, in the near future, experts say, the number of cyber crime will grow significantly, and banks will need to compensate for the increase in protection from fraud charges.


In total, the Savings Bank estimates that the total losses of the Russian economy by cybercriminals amount to 600 billion rubles. Global losses from cybercrime in 2015 totaled $ 500 billion, and by 2018, according to Kuznetsov's estimates, they may increase four-fold.