Cyberhack Steals $31 Million in Assets

Published: 12/13/2016, Last Updated: 12/13/2016

Hackers stole 2 billion rubles, about $31 million in U.S. dollars, from the Russian Central Bank last week.  They fell short of their targeted goal of about 5 billion rubles ($78 million dollars), but still enough for a good haul.  Such big heists provide additional financial assets for attackers to acquire more resources for future attacks.

The Attack

Although few details are being shared at this time, there is unconfirmed speculation this attack leveraged falsified client credentials.  Bank officials were able to intervene and limit the losses.  However, the thieves may have also targeted private banks as part of this digital robbery.  The Russian federal security service (FSB) indicated that servers located in the Netherlands were acting as command and control centers for the attack and belong to a Ukrainian hosting company.  The location of servers participating in such attacks don’t necessarily mean that country was involved.  Hackers typically use servers from all over the globe in their attacks, in efforts to keep their identity secret. 

Motives are still unknown.  The FSB made it clear they are worried this may be part of a larger coordinated attack intending to destabilize Russia’s financial system.  Others speculate it may be part of a team operating out of North Korea that is trying to bring down global banking systems.  Nobody know for sure just yet.  

Targeting the Financial Sector

Banks are great targets and many of their systems are not holding up well against well-funded and sophisticated attackers.  Recent attacks against the SWIFT network highlighted weaknesses to the tune of $81 million dollars in February, when a Bangladesh bank suffered losses.  Some of that money was later traced to casinos in the Philippines.

In June, the International Monetary Fund (IMF) released a report which highlighted the risks to the stability of entire financial sectors:

Aggressive Threats

Attackers are bold in the size of heists they are attempting.  For the average cybercriminal, banks are an appealing target for one simple reason: they have lots of money which can be stolen by digital means.  At this scale, nation-state actors can undermine economies and embarrass political leaders as part of a strategic campaign against their adversaries.  Overall, there is no shortage of threats and risks.

It is a safe bet banks will continue to be targeted, security measures will attempt to close gaps, and law enforcement agencies will step-up their activities to track and prosecute offenders.  This game continues to be hyper-active.   

 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804