Russian Hackers Steal $10M From Banks

Please log in to browse. Login now

A previously unknown ring of Russian-speaking hackers has stolen as much as $10 million from US and Russian banks in the last 18 months, according to a Moscow-based cyber-security firm that runs the largest computer forensics laboratory in eastern Europe.

The MoneyTaker group broke into 20 systems, which includes 15 US lenders, targeting ATMs with “mules” and Russia’s interbank money-transfer system, according to a report from Group-IB.

The hackers, who also breached a UK software and service provider, are now probing institutions in Latin America and may be trying to compromise the SWIFT international bank messaging service, according to the privately held security firm, whose clients range from Russia’s biggest lender Sberbank PJSC to Raiffeisen Bank International AG. Group-IB last month signed an agreement with Interpol to share data on threat intelligence and the latest cyber-criminal activities.

“Criminals have changed tactics and are now focusing on banks rather than their clients, as was standard operating procedure in the past,” Dmitry Volkov, the head of Group-IB’s cyber intelligence department, said by phone.
Russia, considered a hotbed of government-backed information attacks, increasingly finds itself a victim of cyber-crime. It was initially blamed for the Badrabbit ransomware virus that spread to more than 200 targets globally, even though some of the biggest disruptions affected Russian businesses.

Limited Resources
Since its first successful breach in May 2016, MoneyTaker has stolen from banks in New York, California, Utah and Moscow, primarily targeting smaller institutions with limited cyber defenses, Group-IB found. The average haul from US banks was about $500,000, and it stole over $3 million from three Russian lenders. “They understand that banks, especially community banks with limited resources, are the easiest marks,” Volkov said.

The cell remained undetected by using so-called fileless malware that only exists on a computer’s temporary memory and destroys itself when the system reboots, meaning it’s not permanently stored and therefore can more easily evade anti-virus programs, according to Group-IB.  At one bank, the hackers gained access to the network via the home computer of the lender’s system administrator.

Corkow Trojan
The attackers further covered their tracks with encryption certificates generated using brand names such as Bank of America Corp., Microsoft Corp. and the Federal Reserve, according to Group-IB, which previously uncovered Russian-speaking hacker cells behind the Corkow Trojan and Buhtrap.

SWIFT and Bank of America didn’t immediately respond to requests from Bloomberg. While hackers are transnational, many new types of attacks are discovered in Russia because it’s at the forefront of cyber security, a deputy head of the Russian central bank’s information security and protection department, Artem Sychev, said in an interview in November.

Group-IB said the US banks were targeted by gaining access to their card-processing system and then opening accounts at the compromised institutions. The attackers removed limits on the legitimate bank cards and used mules to withdraw cash from ATMs. The virus was so stealthy that, in at least one instance, a bank was successfully robbed twice.

While Group-IB didn’t uncover evidence of a successful attack on Swift by MoneyTaker, it found that the hackers were searching for documents related to the messaging system, which could indicate pending attacks. Last year, in one of the biggest heists in cyber-crime history, hackers used SWIFT to steal $81 million from Bangladesh.

“The more we dig, the more we’ll find,” Group-IB’s Volkov said. “This report doesn’t represent the full picture, and I can say with 100 percent certainty that there are more victims that haven’t been identified yet.”

Insurance Journal

You Might Also Read: 

Interpol/Group-IB Unmasking Pro-ISIS Hackers:

Bank Robbery: Cyber Criminals Steal $1Billion:

Bank Data Breaches Are Up And It's An Inside Job:

 

« Digital Risks Are Changing And CSOs Must Adapt
Get Into Gear On GDPR »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Denodo

Denodo

Denodo transforms the way organizations operate by unifying their data assets in real time and making data ubiquitous and secure to all users and business applications.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

Bulletproof Solutions

Bulletproof Solutions

Bulletproof provides IT expert support, services, and guidance to businesses small and large as they grow and adapt to today’s complex IT, cybersecurity, and compliance needs.

Haiku

Haiku

Haiku stands at the forefront of cybersecurity upskilling, leveraging video games to immerse you in a flow state for accelerated, enduring learning.

DataTrails

DataTrails

DataTrails enables organizations to prove and verify the provenance and authenticity of any data they use in their business operations.