Hackers stole 2 billion rubles, about $31 million in U.S. dollars, from the Russian Central Bank last week. They fell short of their targeted goal of about 5 billion rubles ($78 million dollars), but still enough for a good haul. Such big heists provide additional financial assets for attackers to acquire more resources for future attacks.
Although few details are being shared at this time, there is unconfirmed speculation this attack leveraged falsified client credentials. Bank officials were able to intervene and limit the losses. However, the thieves may have also targeted private banks as part of this digital robbery. The Russian federal security service (FSB) indicated that servers located in the Netherlands were acting as command and control centers for the attack and belong to a Ukrainian hosting company. The location of servers participating in such attacks don’t necessarily mean that country was involved. Hackers typically use servers from all over the globe in their attacks, in efforts to keep their identity secret.
Motives are still unknown. The FSB made it clear they are worried this may be part of a larger coordinated attack intending to destabilize Russia’s financial system. Others speculate it may be part of a team operating out of North Korea that is trying to bring down global banking systems. Nobody know for sure just yet.
Targeting the Financial Sector
Banks are great targets and many of their systems are not holding up well against well-funded and sophisticated attackers. Recent attacks against the SWIFT network highlighted weaknesses to the tune of $81 million dollars in February, when a Bangladesh bank suffered losses. Some of that money was later traced to casinos in the Philippines.
In June, the International Monetary Fund (IMF) released a report which highlighted the risks to the stability of entire financial sectors:
Attackers are bold in the size of heists they are attempting. For the average cybercriminal, banks are an appealing target for one simple reason: they have lots of money which can be stolen by digital means. At this scale, nation-state actors can undermine economies and embarrass political leaders as part of a strategic campaign against their adversaries. Overall, there is no shortage of threats and risks.
It is a safe bet banks will continue to be targeted, security measures will attempt to close gaps, and law enforcement agencies will step-up their activities to track and prosecute offenders. This game continues to be hyper-active.