Highlights
– Cyber-Crime gangs in Russia and Eastern Europe are increasingly targeting financial institutions to steal consumers’ financial data
– Financial institutions will be forced to increase their capacity in the cat-and-mouse game with hackers in order to protect client data
According to two independent reports released last week, organized cyber-criminal gangs are increasingly targeting financial institutions and businesses involved in processing financial transactions. The reports, released by computer security vendor Symantec and telecommunications provider Verizon, detailed the scope of the fraud and the techniques employed primarily by cyber-crime gangs in Russia and many Eastern European countries.
The reports highlight the increased level of organization, technical sophistication and risks taken by organized cyber-crime gangs. As more businesses increase their Internet storefront presence and more consumers take advantage of online banking and other financial services, the likelihood of financial records and transactions being stolen from servers will increase. Attackers will continue to exploit unpatched security flaws in software and hardware systems, incorrect setup by information technology personnel, and human error.
In the near to medium term, financial institutions are going to be forced to develop new technologies to improve the security of their systems, many of which are still operating on technology and techniques developed almost a decade ago. Up until now these institutions have resisted significant changes to these systems because of the cost of deploying increased security to devices such as automatic teller machines (ATMs).
Investigations Skyrocket in 2008
Forensics investigators with Verizon’s business unit investigated approximately 100 confirmed breaches in 2008, discovering that financial institutions were the targets for 93 percent of the roughly 285 million consumer records stolen by hackers. The total number of breaches investigated by Verizon in 2008 exceeded the combined total investigated by the company from 2004 through 2007, underscoring the increased threat that hackers pose to stored personal data. The investigators also found that, unlike the attacks studied between 2004 and 2007, 90 percent of the records compromised in 2008 came from targeted attacks in which the hackers carefully picked their targets first and then figured out a way to exploit them.
Russian Cyber-Crime Gang Exposes Target List
Verizon investigators studying the breaches discovered that one Russian-based hacking group had infiltrated more than 300 companies – primarily financial institutions. The breaches took place in the United States and elsewhere using a sophisticated web-based exploitation service that the hackers accessed remotely.
During the course of their investigation, investigators discovered a complete list of companies the hackers were targeting on one of the web servers the attackers used. This information proved invaluable to the financial institutions being targeted, who discovered security breaches within their enterprises that might otherwise have gone unnoticed.
The same Russian hacker group was responsible for a well-organized heist of US$10 million in 2008 from the Atlanta-based payment processor and payroll card giant RBS Worldpay. The group artificially inflated the balances on prepaid credit or cash cards. In less than 24 hours, “money mules” – individuals hired to visit ATMs to withdraw the money – withdrew the funds from ATMs around the world.
Two Main Cyber-Crime Gangs
The investigators believe that two main hacker groups are behind many of the major database compromises of recent years. The breaching techniques used by both groups were very similar. The hackers scanned hundreds of financial company websites or partner sites for known security holes. Once they had exploited those holes and made their way into the target’s internal network, the attackers would install a variety of hacking tools to map the network.
The primary financial data targeted by the hackers were large stores of debit card information and corresponding personal identification numbers (PINs). The criminals would use this information to withdraw cash from ATMs once the stolen information was imprinted on fabricated cards.
Financial Institutions Will Continue To Be Top Targets
The reports highlight the growing frequency and sophistication of cyber-attacks that are fleecing millions of dollars from consumers’ financial accounts. According to the Verizon report, 17 percent of the cyber-attacks studied were categorized by the investigators as “highly sophisticated” data breaches, with these attacks responsible for 95 percent of all records stolen. These statistics illustrate that the more sophisticated attacks are reaping larger rewards for the cyber-crime gangs.
The Symantec report found that many of the cyber-criminal gangs are operating as “pseudo corporations,” hiring tech-savvy individuals to write malicious computer code to assist the groups with their cyber breaches.
The coordinated efforts of group members are allowing cyber-crime gangs to combine their members’ technical computer skills and knowledge of the inner workings of financial networks to execute increasingly sophisticated cyber heists. We expect these major cyber-crime gangs to continue to target large international banks and other financial institutions because of the large payoffs, low overhead costs, and the benefit of relative anonymity that allows them to repeat their offenses with greater impunity.