Russian security firm Kaspersky has just released details of an elaborate, multi-year, multi-country heist that netted hundreds of millions for the group orchestrating the crime. Rather than a series of spectacularly violent bank robberies, this campaign played out quietly and slowly on the technology infrastructure of over 100 financial institutions in 30 different countries. Unfortunately for us, Kaspersky and the banking industry are keeping specific names out of the public spotlight, as expected. It can be assumed that the organizations involved don’t want to damage their reputations, and authorities typically refuse to comment on onging investigations. How did the criminals gain such unprecedented access? Simple malware campaigns targeting employees and officials, which eventually led to a fully compromised infrastructure that allowed the criminals to quietly funnel away millions and leave very few traces behind.
What this means for you:
It may sound a bit cliched to trot out the saying, “There are 2 types of companies, ones that have been hacked, and ones that have been hacked and don’t know it,” but in this case, the criminals were able to steal vast amounts of money by staying well under the radar, an approach that is at direct odds with the normally disruptive and in-your-face style of malware and hacking many people have encountered previously. By lurking quietly in the background, the criminals gained complete familiarity with organizational procedures and employee habits, allowing them to digitally impersonate privileged officials and processes to move money around and out of the organization with impunity. Without a smoking gun, shell casings, fingerprints or DNA evidence, the only trail authorities could follow was the money one – a trail that was obfuscated by digital sleight-of-hand and spoofed internet addresses. Even though your organization may not be targeted for this kind of heist, there are many other types of data cybercriminals value, and it’s in their best interest to not get caught. Don’t look for the obvious malware symptoms – those types of attacks are analogous to vandalism and random, impersonal pollution. The real cyberattack you need to worry about is the one you can’t see.
Image courtesy of 1shots at FreeDigitalPhotos.net