Russian Cyber Gangs Linked To Bank Robberies

Uploaded on 2016-06-28 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

Benglaesh Central Bank Swift Code

Investigators have linked malware used by Russian and eastern European cyber-gangs to a string of bank thefts that culminated in the record-breaking theft of $81 million from Bangladesh’s central bank, according to people familiar with the probe.

The tools used in some of the attacks on as many as 12 banks, mostly in Southeast Asia, match those deployed by the so-called Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential. They operate in Russia and former parts of the Soviet Union including Moldova and Kazakhstan.

North Korean hackers have been implicated in the Bangladesh attack because the malicious software, or malware, used suggested a link between that attack and the breach of Sony Pictures Entertainment Inc.’s network in 2014, which US officials blame on that nation. While the presence of code used in previous attacks may indicate the involvement of Dridex or North Korea, it could also mean that the malware is being sold to other parties on the black market, one of the people said.

E-mail Infiltration

Finding malware bearing signs of Russian gangs makes attributing the source of the attacks even more complicated for authorities, who now have evidence pointing to the potential involvement of both nation states with a history of hacking and criminal organizations that make their living stealing from businesses.

Criminals exploited weaknesses in banks’ cyber-defenses to try to steal almost $1 billion from Bangladesh’s central bank in February and to take $12 million from an Ecuadorean lender in January 2015. An attack late last year on a Vietnamese bank was foiled. In all three incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.

Dridex, which is used to identify the malware as well as the group that employs it, is spread through e-mails that infiltrate target computers and harvest personal information such as usernames and passwords, which can then be used to gain access to privileged networks. First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, according to security firm Symantec Corp.

Working Week

The disciplined and highly organized gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday working week and even taking time off for Christmas, Symantec said in a February report.

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the country to hacker-controlled accounts in the Philippines. Hackers impersonated bank officials to send the messages, and they deployed malware targeting a PDF reader used to check statements.

Nathasha de Teran, a spokeswoman for SWIFT, which is the acronym for the Society for Worldwide Interbank Financial Telecommunication, declined to comment.

FireEye Inc., the security firm hired by the Bangladesh bank, has been contacted by as many as 12 other banks that are concerned that hackers may have breached their networks in a similar fashion, a person familiar with the approaches said last month. There was no indication that money was taken.

Information-Management:  

« The Cyberwar Frontier In Korea
Charge Companies for Cyber Security Failures »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

General Dynamics Information Technology

General Dynamics Information Technology

General Dynamics IT delivers cyber security services to defend critical information and infrastructure.

First Response

First Response

First Response is a Cyber Incident Response and Digital Forensic Investigation company.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

Electric Imp

Electric Imp

Electric Imp offers an innovative and powerful Internet of Things platform that securely connects devices with advanced cloud computing resources.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Aspen Insurance

Aspen Insurance

Aspen is a leading diversified specialty insurance and reinsurance company. Products offered include cyber insurance.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

DataCloak

DataCloak

DataCloak is an innovation company that focus on providing enterprise data-in-motion security solutions based on zero-trust security technology.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

Center for Medical Device Cybersecurity (CMDC) - University of Minnesota

Center for Medical Device Cybersecurity (CMDC) - University of Minnesota

CMDC’s mission is to foster university-industry-government partnerships to assure that medical devices are safe and secure from cybersecurity threats.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.