Russian Cyber Gangs Linked To Bank Robberies

Uploaded on 2016-06-28 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

Benglaesh Central Bank Swift Code

Investigators have linked malware used by Russian and eastern European cyber-gangs to a string of bank thefts that culminated in the record-breaking theft of $81 million from Bangladesh’s central bank, according to people familiar with the probe.

The tools used in some of the attacks on as many as 12 banks, mostly in Southeast Asia, match those deployed by the so-called Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential. They operate in Russia and former parts of the Soviet Union including Moldova and Kazakhstan.

North Korean hackers have been implicated in the Bangladesh attack because the malicious software, or malware, used suggested a link between that attack and the breach of Sony Pictures Entertainment Inc.’s network in 2014, which US officials blame on that nation. While the presence of code used in previous attacks may indicate the involvement of Dridex or North Korea, it could also mean that the malware is being sold to other parties on the black market, one of the people said.

E-mail Infiltration

Finding malware bearing signs of Russian gangs makes attributing the source of the attacks even more complicated for authorities, who now have evidence pointing to the potential involvement of both nation states with a history of hacking and criminal organizations that make their living stealing from businesses.

Criminals exploited weaknesses in banks’ cyber-defenses to try to steal almost $1 billion from Bangladesh’s central bank in February and to take $12 million from an Ecuadorean lender in January 2015. An attack late last year on a Vietnamese bank was foiled. In all three incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.

Dridex, which is used to identify the malware as well as the group that employs it, is spread through e-mails that infiltrate target computers and harvest personal information such as usernames and passwords, which can then be used to gain access to privileged networks. First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, according to security firm Symantec Corp.

Working Week

The disciplined and highly organized gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday working week and even taking time off for Christmas, Symantec said in a February report.

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the country to hacker-controlled accounts in the Philippines. Hackers impersonated bank officials to send the messages, and they deployed malware targeting a PDF reader used to check statements.

Nathasha de Teran, a spokeswoman for SWIFT, which is the acronym for the Society for Worldwide Interbank Financial Telecommunication, declined to comment.

FireEye Inc., the security firm hired by the Bangladesh bank, has been contacted by as many as 12 other banks that are concerned that hackers may have breached their networks in a similar fashion, a person familiar with the approaches said last month. There was no indication that money was taken.

Information-Management:  

« The Cyberwar Frontier In Korea
Charge Companies for Cyber Security Failures »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

Logically Secure

Logically Secure

Logically Secure provide penetration testing and security assessment services.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

SysTools

SysTools

SysTools provides a range of services including data recovery, digital forensics, and cloud backup solutions.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

Tech Mahindra

Tech Mahindra

Tech Mahindra is a global leader in IT solutions, BPO, business consulting services & digital technologies.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

Cybersecurity Defense Initiative (CDI) - University of Arkansas

Cybersecurity Defense Initiative (CDI) - University of Arkansas

The Cybersecurity Defense Initiative is a national cybersecurity training program, developed for technical personnel and managers who monitor and protect our nation's critical cyber infrastructures.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Noblis

Noblis

Noblis is a dynamic science, technology, and strategy organization dedicated to creating forward-thinking technical and advisory solutions in the public interest.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.