Why Kaspersky's Bank Robbery Report Should Scare Us All - InformationWeek

Commentary
2/18/2015
09:15 AM
Susan Nunziata

Why Kaspersky’s Bank Robbery Report Should Scare Us All

So, you don't work for a financial institution? Don't think you're off the hook for the kind of theft discussed by Kaspersky. Banks are certainly not the only organizations moving around massive amounts of money every day.

be fired for embezzlement before anyone ever caught on that we weren't the guilty parties? That scares me. And I think it should scare you, too.

There's nothing new about the fact that the exploit involved an old Microsoft Office vulnerability for which a patch had long since been issued. We already know many organizations are sloppy when it comes to patch updates.

But the level of targeting – heck, let's call it stalking – that was involved in this attack seems pretty sophisticated to my untrained eye. The Kaspersky report noted that, as part of an automated reconnaissance phase, "the Carbanak malware checked victim systems for the presence of specialized and specific banking software. Only after the presence of these banking systems was confirmed were victims further exploited."


So, where does that leave enterprise IT, and others in your organization? Well, for starters, whatever education we're giving employees about how to identify potential malware can't possibly account for this kind of advanced persistent threat (APT). As Kaspersky stated in its report:

We believe that the Carbanak campaign is a clear indicator of a new era in cybercrime in which criminals use APT techniques directly against the financial industry instead of through customers. APTs are not only for stealing information anymore.

Here's some advice from Kaspersky on the early warning signs that Carbanak has hacked you:

(Image: Courtesy of Kaspersky Lab)


Sure, at the moment, the targets were financial institutions. It's really a high-tech version of cooking the books. Once the hackers were inside, according to Kaspersky, they were able to set up fake accounts, or add dollar amounts to real accounts, and then authorize the transfer of those sums out of the bank, either to ATM machines or to external accounts, without anybody catching on.

So, you don't work for a financial institution? Don't think you're off the hook. Banks are certainly not the only organizations moving around massive amounts of money every day. All major multinational corporations and government agencies could, potentially, have their finance and accounting systems fall prey to a similar attack.

According to Krebs:

Most organizations — even many financial institutions — aren't set up to defeat skilled attackers; their network security is built around ease-of-use, compliance, and/or defeating auditors and regulators. Organizations architected around security (particularly banks) are expecting these sorts of attacks, assuming that attackers are going to get in, and focusing their non-compliance efforts on breach response.

Have I scared you yet? If not, tell me why. And, if you are as terrified as I am, tell me how you plan to address this in your organization. Let's discuss in the comments section below.


Susan Nunziata leads the site's content team and contributors to guide topics, direct strategies, and pursue new ideas, all in the interest of sharing practicable insights with our community. Nunziata was most recently Director of Editorial for EnterpriseEfficiency.com, a UBM ...
Comments
batye,
User Rank: Ninja
3/2/2015 | 12:19:20 AM
Re: Stalking the intruder
@yalanand interesting point... as these days many Co. do not want to spend... keep relying on old approach toward security... keep stepping on the old rake... sad reality of down turn economy...
batye,
User Rank: Ninja
3/2/2015 | 12:17:03 AM
Re: Stalking the intruder
@SachinEE, with Windows 10 it's more like big Microsoft hype for now until we see it on the market and see how it performs in the real world...
batye,
User Rank: Ninja
3/2/2015 | 12:15:31 AM
Re: Keeping up with the Hackers
@impactnow, same here I could not agree more... in my books it would make sense Corporate responsibility is a must be in any case....
batye,
User Rank: Ninja
3/2/2015 | 12:14:13 AM
Re: Putin's Kaspersky
@SachinEE agree, but in mind we only see beginning of the problem or just tip of the mountain... as it gonna be happening more and more... sad reality...
impactnow,
User Rank: Author
2/25/2015 | 11:41:44 AM
Re: Keeping up with the Hackers

Susan, I completely agree. It's getting to a point that people expect breaches; it's very sad. I hate to over regulate but I think if fines were levied against companies for security breaches that were a result of their negligence it might speed up security efforts at some organizations.

SachinEE,
User Rank: Ninja
2/23/2015 | 1:42:15 PM
Re: Stalking the intruder
I think Windows 10 would come with a better protection from hackers because Microsoft has had us quite hyped up about the facilities it will be providing and the support base it has promised to establish since the support team for Windows 8 was just terrible.
SachinEE,
User Rank: Ninja
2/23/2015 | 1:37:01 PM
Re: Stalking the intruder
@yalanand: I agree with you on this one. Cloud systems offer better management of resources but the extent of security in cloud is wavering into a blurry line because security systems in cloud are just, plain, bad. Companies that have taken up to the cloud have their own team facilitating security for their utilities, and in the process investing millions of dollars in cloud security. I think in 2 to 3 years cloud security would come cheaper.
SachinEE,
User Rank: Ninja
2/23/2015 | 1:33:39 PM
Re: Putin's Kaspersky
@yalanand: No, but companies should screen their employees better, evaluate their mental conditions and keep monitoring suspicious activity, now that might seem intrusive towards the singular privacy of an employee but it is needed to keep whistle blowing and damages in check.
yalanand,
User Rank: Ninja
2/22/2015 | 1:09:44 PM
Re: Putin's Kaspersky
@moarsauce123 I don't know how much truth there is to that.  Kaspersky Lab is actually incorporated in the UK, despite having lots of Russian employees, they do lots of work with huge government agencies such as Interpol and Europol.


I agree. There would be diversity in an organisation but that doesn't mean we would frame a being just because of his/her place of origin. This gives birth to false workplace ethics. 
yalanand,
User Rank: Ninja
2/22/2015 | 12:57:41 PM
Re: Stalking the intruder
Yes, this example of sly and persistent intrusion is alarming. I think we need behavior analytics that learn from routine system ops and recognize an activity that is out of line. 

Even more so these days, since everything is going up into the cloud and cloud as we know has a lingering issue of "safety and security" that still hasn't been solved. Old school identity management is severely backdated.