Countering hacker attacks: theft from banks 14 times lower

Over the first 8 months of the past year, hacker attacks resulted in banks losing 1.078 billion rubles, against 76.5 million rubles in the same period of 2018. These are the findings of a report by the Bank of Russia's Financial Sector Computer Emergency Response Team (FinCERT) for 1 September 2017 to 31 August 2018. The successful countering of hacking is the result of overall cyber security improvements implemented by lenders and other financial institutions. This was largely enabled by information exchange between FinCERT and banks. To date, as many as 517 banks have joined the cyber threat information exchange system – that is, all credit institutions operating in Russia.

‘Financial institutions’ information systems are becoming increasingly protected, which is a factor behind the dropping volumes of cyber criminal income’, BoR Deputy Governor Dmitry Skobelkin notes. He went on to say this means that high-tech and sophisticated attacks are in for a further drop, with criminals expected to turn their focus to the most vulnerable link in a financial system – the human factor.

The report notes a rise in cyber fraud on social media, where social engineering is used. The number of hacked accounts is growing, and so is the mailout of requests for financial assistance addressed to owners of hacked accounts. FinCERT expects that as incomes from direct attacks on credit institutions decrease, wrongdoers will increasingly target personal computers and individual accounts. Experts therefore recommend greater attention and caution in online communications with strangers.

‘Cyber criminals using social engineering methods will aim to put their potential victims into a stressful situation, coercing them into acting quickly before they come to their senses. Criminals cash in on fear, confusion, and the urge for quick money. These factors are always behind successful attacks based on social engineering’, explains Artyom Sychev, First Deputy Director, Information Security Department of the Bank of Russia.

The mailout of phishing emails is a key tool attackers use to gain access to legal entities’ and individual entrepreneurs’ accounts. A new type of attack has emerged recently, the so-called watering hole. These attacks are carried out through compromised portals or websites which are popular with the business community. When a user visits a compromised website, the browser loads and executes malicious code without the user being aware of what has happened.

18 October 2018
