Uncovering The Middle East Banking Attacks
In the first week of May 2016, FireEye identified a wave of targeted and well-orchestrated cyber attacks on a set of financial institutions in the Middle East. Emails carrying malicious attachments were being sent to multiple banks in the region. The threat actors appeared to be performing initial reconnaissance against would-be targets, and the attacks caught our attention because they used unique scripts not commonly seen in crimeware campaigns.
FireEye technology detected a coordinated effort to compromise security controls and gain unlawful access to over 15 financial institutions. Because the affected customers used FireEye Dynamic Threat Intelligence ("DTI"), the collective awareness of our technologies meant those customers were informed within hours that the event was taking place at scale. Our Mandiant incident response team helped customers understand the full scope of the attack within their environments and gave clear recommendations on how to remove the adversary and return the business to normal operations quickly. Our Cyber Threat Intelligence team then pieced the evidence together, giving us basic attribution as to who this attacker group was. We now know the who, what, where and when, but the why remains open. It is clear the campaign began with a reconnaissance phase, which we would expect to lead to lateral movement to key assets and then to exfiltration of intellectual property or other data. Because the campaign was foiled in its early stages, however, the attackers' objective remains unknown. The real question is whether the group will update their tactics, techniques and procedures ("TTPs") and try again, or accept their loss.
To find out more about these attacks and how banks across the globe can protect themselves, view the 45-minute webinar titled "Uncovering The Middle East Banking Attacks". The webinar walks through the attack from its start in early May, the TTPs used, and the steps banks can take to mitigate the risk of being targeted.
The key takeaway from this incident is that an organisation with advanced capabilities to detect and respond in a timely manner, supported by appropriate cyber threat intelligence, can deal with advanced attack groups and limit its exposure to data theft and other attacker motives.