Blurred lines between state sponsored & ‘commercial’ cybercrime

Following a hack of its Central Bank, Russia is believed to have lost $31 million, which is an amount less than the hackers initially targeted, according to media reports on December 2, 2016. Harshul Joshi, Senior Vice President of Cyber Governance, Risk and Compliance at DarkMatter, gives an analysis of the methodologies.

In echoes of the SWIFT (Society for Worldwide Interbank Telecommunication) system hack earlier this year, where criminals stole $81 million of a targeted $1 billion plus using the Bangladesh Central Bank, the latest incident in Russia saw cyber threat actors attempt to steal the equivalent of approximately US$78 million in total.

DarkMatter commentary and insights

According to reports, the hack was carried out using falsified client credentials, though the bank has provided few additional details regarding the hackers’ methodologies. As a result of the attack, Russia says that it is now fortifying its defences as far as cyber security goes, particularly in light of a potential increase in what may be described as ‘state sponsored’ incidents as a result of accusations levelled at Russia that it may be using cyber attacks itself as a political tool abroad.

Since 2015, Ecuador, the Philippines, Bangladesh, and Vietnam have suffered similar breaches of their central bank systems, and it would appear that the trend is only becoming more rampant as hackers grow bolder (and security measures remain relatively stagnant). The International Monetary Fund has warned that emerging market economies are at higher risk partly due to complications with correspondent banking relationships.

Interconnectivity – be it with respect to digital networks in general or banking systems – needs to take into consideration the cascading effects of a breach and mitigate against them. Given that the latest incident in Russia was likely orchestrated using falsified client credentials, which has become a preferred method of bank system hacking, DarkMatter advises the use of multi-factor authentication for accounts, so that even if a password is stolen and access to a system gained, the hackers are not able to access any accounts or transactions without the corresponding token or biometric for the account.

This way unauthorised transactions cannot occur without the complicity of an insider (i.e. the account administrator). We believe that the use of multi-factor authentication in combination with diligent asset management of authentication tokens is a compelling approach to minimising cyber breaches in a financial services environment.

DarkMatter also recommends that institutions adopt a pro-active approach to cyber security in which they assume a state of breach in order for them to have the defences and mitigation mechanisms in place to minimise possible disruption caused by any cyber security incident, before it happens rather than after, as is the case with the Russia Central Bank.

About the author

Harshul Joshi is Senior Vice President of Cyber Governance, Risk and Compliance at DarkMatter. In this role he is responsible for various cyber risk and regulatory activities in vital industries. He possesses nearly 20 years’ experience working for a range of leading organisations in the fields of cloud-based technologies, regulatory compliance, cyber security, governance, risk, internal audit and privacy. Harshul can be contacted on Twitter handle @Harshul_J