Papua New Guinea Department of Finance was Hit by Cyber Ransomware Attack NOT a Cyber Heist (Electronic Bank Robbery).

Cyber Ransomware attacks cannot steal money directly out of the Department of Finance or the IFMS system. If the K120 Million was stolen, it would be Papua New Guinea's first Cyber Heist (Cyber Electronic Robbery), but again, the October 2021 Papua New Guinea Department of Finance Cyber Attack was a Ransomware attack and not a Cyber Heist.

One of the biggest Cyber Heists in the recent past is what happened to the Bangladesh Central Bank. Bangladesh experienced one of the largest bank robberies in history. In February 2016, thirty-five fraudulent instructions were issued by Cyber Criminals via the SWIFT network to illegally transfer close to US$1 billion from the Federal Reserve Bank of New York account belonging to the Bangladesh Central Bank. This was a well-coordinated and daring Cyber Heist in which the Bangladesh Central Bank was robbed of US$101 Million: $20 Million was sent to Sri Lanka and US$81 Million was sent to the Philippines. The $20 Million that was sent to Sri Lanka has been recovered, but the US$81 Million that was sent to the Philippines could not be recovered. Due to a lucky mistake by the Cyber Criminals, the Federal Reserve Bank of New York managed to stop the other transactions. Again, this did not involve Ransomware.

For the PNG DoF case, Cyber Ransomware Criminals cannot steal money directly out of the PNG Department of Finance’s IFMS System, hence what was reported in one of the daily papers could have been reported out of context. The Post Courier report stated that K120 Million was stolen during the Cyber Attack. In a Ransomware Attack, Cyber Criminals encrypt (lock) files and ask for a ransom in exchange for a decryption (unlocking) key to unlock the files. In the case of Medibank, the Cyber Criminals demanded a $10 Million ransom; however, the Australian Health Insurer refused to pay. The Cyber Criminals then went ahead and started leaking confidential data onto the dark web, which is what we call Cyber Ransomware double-extortion (Cyber Criminals go too far to fill their economic appetite, thinking that by leaking information, victims will change their minds and pay the ransom).

Papua New Guinea will see the rise of domestic Cyber Criminals in this space in the next 5-10 years or even earlier. To hack the Department of Finance and commit such Cyber Heists, the Cyber Criminals must know how the entire payment system works for the Government of Papua New Guinea. They must have a thorough knowledge of how the Department of Treasury releases warrants, how the Department of Finance receives those warrants and initiates the Electronic Fund Transfers (EFTs), and to whom those EFTs are sent, either to the Bank of Papua New Guinea or any other commercial bank, etc. This critical information will be collected using Reconnaissance, which is the first of the Five Phases of System Hacking. The next four (4) phases of System Hacking are Scanning / Enumeration, Gaining Access, Maintaining Access, and Clearing Tracks. During the first Phase of Hacking, the cybercriminals will collect as much information as possible about people who are working in the Department of Treasury, the Department of Finance, and the Central Bank of PNG. Information will be collected via Open-Source Intelligence, that is, intelligence gathered from information users unknowingly expose to the internet via their social media platforms such as LinkedIn, Facebook, or any other internet forums, etc. Once they have enough information, they will go to the next stage and try to gain access. Once they gain access, they will maintain their access and remain quiet on the network for some time to see if the security mechanisms in place are detecting them. If they are not detected after days or weeks on the network, they will carry out their Cyber Heists.

The Cyber Criminals will collaborate with local or international banking officials. They will check around the globe which country has the strictest banking secrecy rules and open bank accounts in those countries to siphon money. During the Cyber attack, the Cybercriminals will have to simultaneously infiltrate the PNG Department of Treasury, the Department of Finance and the Central Bank of Papua New Guinea. That is where international collaboration may come in: the Papua New Guinea domestic Cyber Criminals will look to collaborate with international cybercrime groups. The Cybercriminals will then attempt to release warrants etc. and follow the process throughout the payment value chain, starting with the Department of Treasury and ending with the Central Bank. Inside the Central Bank is where they will transfer the monies to overseas bank accounts, and that must happen on a public holiday or long weekend. Once done with the cyber heist, the cybercriminals will execute the last Phase of System Hacking, which is to clear the tracks and exit. The last phase is critical as this will make it difficult for law enforcement to come after them.

This is a tedious and highly coordinated cyber operation. Again, the Department of Finance attack may not have been a highly coordinated Cyber Heist. We cannot preempt what the Investigation Report by PNG NIO will detail, but once it is released, we will know if this was a Cyber Heist or a Cyber Ransomware Attack. A copy of the report had not been sighted at the time of writing this article.

Thank You

Solomon Wesley Sua - CEO/Founder of Cyber Security (PNG) Limited

Note: This article reflects the individual view of the Author only. It does not represent that of any of Cyber Security (PNG) Limited's clients or the Government of Papua New Guinea or its departments and agencies directly or indirectly affected by the Cyber Attack on the PNG Department of Finance.
