Cyber attacks against the financial sector: a FinCERT overview

In 2018, the Bank of Russia recorded 687 cyber attacks against credit and financial companies, including 177 targeted attacks. In the majority of instances, hackers used spoofing – the masquerading of email addresses – to send malicious software (malware). The largest number of attacks was recorded in Q4 2018, driven by the launch of the automated incident processing system (AIPS) of the Bank of Russia's FinCERT.

These data are presented in the Overview of the Main Types of Cyber Attacks in the Financial Sector in 2018. The document was prepared by the Bank of Russia together with companies operating in the sphere of information security and participating in the information exchange with FinCERT. Engaging independent experts to work on the report enabled the authors to form a more comprehensive picture of cyber attacks and encouraged market participants to join their efforts in combating cyber crimes.

Through the AIPS, the regulator has received from market participants over 500 samples of malware that hackers used in organising the attacks. Over 50% of the malicious programs identified are ransomware and encryptors. Based on the analysis of the data obtained, FinCERT specialists have prepared and distributed to financial institutions and other participants in the information exchange 155 practical bulletins with indicators that systems and networks might have been compromised; this number is almost four times higher than in the previous year. The bulletins enable participants in the information exchange to stay informed about the most current cyber threats in the financial market and to develop efficient measures to combat them.

The overview also notes that in 2018, based on the analysis of the data obtained from participants in the information exchange through the AIPS, over 540 Internet resources that disseminated malware or operated as malware-controlling servers were identified. Over 500 of these resources were registered outside Russia. Because such resources are placed in domain zones beyond the powers of FinCERT, which is the organisation competent to establish violations, it is harder to suspend the operation of such websites. At present, a draft law is being prepared for its second reading in the State Duma; it will empower the Bank of Russia to block such resources in the Russian Federation on a pre-trial basis, irrespective of the geographical location of the domain name. The regulator expects that the draft law will be passed.

The authors of the overview recommend that financial sector companies address at least two work streams. Firstly, they need to work with their clients and partners on raising the security awareness of their employees and ensuring the required security level on their side. Secondly, banks should focus on ensuring internal network security and implementing security measures that enable them to quickly identify traces of cyber attacks in their infrastructure.

Financial market managers and specialists can use the data from the overview to plan information security measures and to inform their personnel of the main types of current threats.

5 July 2019
