Banks and ATM's Under Cyber Attack
Matthew Rosenquist
CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers
The Silence hacking crew, mostly attributed to a group of very crafty Russian hackers, has struck again pulling-in over $3 million in cash from ATMs.
At least 3 banks have been attacked in the latest campaign, with Dutch Bangla Bank being the largest. The criminal hackers first compromised the bank’s card management infrastructure then undermined the integrity of the approval systems allowing co-conspirators to use bank ATMs to withdraw large sums of cash totaling over $3 million.
This hacking crew originated in Eastern Europe around 2016 and first started attacking financial institutions in Russia, Ukraine, and Poland before expanding into the Asia Pacific region. Banks in India, Bangladesh, and Sri Lanka are the most recent targets.
Silence is considered a top tier cyber-criminal group. Their methods are technically sophisticated and they operate with a good degree of patience. There is speculation they may have deep experience in penetration, reverse engineering, application development, and even security practices.
With custom software, effective hacking skills, and a network of money mules, this band is able to victimize banks at incredible levels. Their success in stealing large sums of cash will only promote more attacks.
Customers cannot stop such attacks. Because Silence targets the banking and ATM infrastructures, there is little the everyday user can do to protect themselves other than bank with a reputable institution that will actively work to prevent, detect, and respond to such attacks.
From a risk perspective, Silence is ranking high among hacking groups. A new breed of highly capable and technically savvy threat groups are emerging. Some are direct appendages or supported by Nation States while others are smart organized criminals looking to leverage the opportunities in the digital world for their own profit. Regardless, these groups are at the forefront of developing stealthy and effective exploits, driving malware capability evolution, and pulling off some of the biggest heists against the financial community. Success allows for reinvestment in tool, capabilities, and reach. This makes them stronger and more difficult for cross-border authorities to track and take-down those responsible.
This is not the last we have heard from Silence or others of their ilk. I predict by the end of 2019 we will see a number of significant breaches to APAC banks which will stir great concern across the global financial landscape, effecting both traditional banking as well as emerging cryptocurrency exchanges.
The cybersecurity firm Group-IB has been tracking the activities of the Silence group for several years and has a good write-up of their profile and evolving techniques.
Physical and Cybersecurity | Ecosystem Orchestrator | Public Speaker | Founder | 3x SIA WISF Power 100 | SIA Progress Award | Sports | IIFX Women in Sports Innovator | Past-Chair SIA Women in Security Forum
5 年Are you going to Cyber Secure? If so, join us for dinner Tues night.
I go into networks and audit the network security, or lack of security... I have seen a lot. I work with you to improve your security, create your disaster recovery plan and make things work faster.
5 年Banks can start by making sure all the software is patched. I've stopped counting how many times I have seen pictures of ATMs with the WinXP Blue Screen of Death online.
Harnessing AI & remote mindset data to find A+ customers and employees
5 年Time to adopt DLT