Home   News   Features   Interviews   Magazine Archive   Industry Awards  
Subscribe
Securites Lending Times logo
Leading the Way

Global Asset Servicing News and Commentary
≔ Menu
Securites Lending Times logo
Leading the Way

Global Asset Servicing News and Commentary
News by section
Subscribe
⨂ Close
  1. Home
  2. Technology news
  3. Hack highlights holes in cyber security
Technology news

Hack highlights holes in cyber security


17 February 2015 Moscow
Reporter: Stephanie Palmer

Generic business image for news article
Image: Shutterstock
A string of cyber attacks that saw about $1 billion stolen from banks affected 100 banks, e-payment systems and other organisations in a two-year period, according to an investigation led by Kaspersky Lab.

The attacks targeted institutions all over the world and highlight the difficulty of protecting this type of system, as protection systems themselves are vulnerable to hacks.

Martin Lee, cyber crime manager at Alert Logic, said: "Whitelisting applications on PCs and laptops could have detected the malware as an unapproved application. Yet whitelisting services are not immune from attacks themselves and may just become a single point of failure which, when breached, gives an attacker the ability to deploy undetectable malware.”

“The reconnaissance phase of attack and command and control traffic are weak points for the attacker since their activity will be visible on the network. Equally, unusual changes in bank balances will give away their presence. But organisations need to be routinely collecting data so that they can spot anomalies, and have the resources to conduct investigations to identify the root cause.”

These attacks were unique as it didn’t matter what software the banks used.

Sergey Golovanov, principal security researcher for Kaspersky Lab’s global research and analysis team said: “Even if its software is unique, a bank cannot get complacent.”

“The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery.”

The plot was uncovered after a combined effort by Kaspersky Lap, Interpol, Europol and authorities in the affected countries. It has been attributed to the Carbanak criminal gang, who spent two to four months on each hack, beginning by infecting one user’s computer in a corporate network.

The plot was designed to target the institution itself, leaving end users’ accounts unaffected.

Lee also said that, although forensic examinations can often oust the affected malware, this process could take too long.

“Once discovered it is quick and easy to announce that malware has been found, however it takes many weeks and months of forensic examination to identify exactly what which systems were affected, what was stolen and how far did the attack spread.”

He added: “Only through constant vigilance and paranoia at being infiltrated can organisations hope to detect and react to attacks such as these. If an attacker knows your systems and procedures better than your own IT staff, it will be a tough fight to detect and unseat the attacker.”
← Previous technology article

Quantmetrics connects with Lyxor
Next technology article →

ASEAN Exchange to build online presence
NO FEE, NO RISK
100% ON RETURNS If you invest in only one asset servicing news source this year, make sure it is your free subscription to Asset Servicing Times
Advertisement
Subscribe today
Knowledge base

Explore our extensive directory to find all the essential contacts you need

Visit our directory →

Discover definitions, explanations and related news articles in our glossary

Visit our glossary →