
Information security incidents in 2023 Q1

1 June 2023

According to the Review of Reporting on Information Security Incidents Related to Funds Transfers, in January–March 2023, banks repelled 2.7 million attacks by cyber fraudsters on customers’ accounts and thus prevented thefts worth ₽712 billion. This is the first time the Bank of Russia has disclosed in its materials information about hackers’ attempts to steal money from people’s bank accounts.

Nevertheless, intruders successfully performed 252,100 operations without bank customers’ consent for a total amount of ₽4.5 billion. Most of the money, including borrowed funds, was stolen using online banking transfers.

‘In 2023, we introduced a new reporting format to be used by banks for operations conducted without customer consent, and we now see the proportion between failed operations blocked by anti-fraud systems of credit institutions and successful illegal write-offs. Based on this and other indicators, we will further assess the efficiency of banks’ security systems. We see that the fraudulent schemes are becoming more and more sophisticated. The fraudsters are actively using social engineering methods and new ways of cheating, compelling people to voluntarily give their funds. We will continue to improve our control methods to fight attackers,’ says Vadim Uvarov, Director of the Information Security Department of the Bank of Russia. ‘You may remember that we previously recommended that banks suspend remote access to account management for droppers. We also approved a standard for ensuring safety of financial services using the technology of electronic devices’ digital footprints. This standard establishes uniform rules for financial institutions with regard to preparing, storing and using unique digital footprints of electronic devices — a set of parameters that makes it possible to accurately identify a user’s device involved in banking and other financial transactions.’

In 2023 Q1, the regulator initiated the blocking of almost 97,000 telephone numbers used by fraudsters for scam calls. The number of cyber-enabled crimes increased by more than 2.5 times year-on-year. The regulator ordered the blocking of 8,300 phishing sites. They were disguised as official sites of financial institutions, including credit institutions, insurance companies, securities market participants, and organisations offering ultra-profitable investment products.

In addition, the Bank of Russia changed the data comparison methodology. The review now contains an average value of the indicators for the previous four quarters, which makes it possible to track and analyse information about security incidents more thoroughly. Quarterly reports for previous periods will still be available on the Bank of Russia website.
