Hackers stole from banks more than 1 billion rubles for six months


From October 2015 to March 2016, the Central Bank recorded a 21 a cyber attack on payment systems of banks, to be posted on the website of the Central Bank to the Center for monitoring and responding to computer attacks in the financial sphere (FinCERT). Scammers trying to steal accounts with banks 2.87 billion rubles, the Central Bank and the banks managed to prevent the theft of 1.6 billion RUB.

According to Central Bank data, the most common fraud scheme is a mass mailing e-mail emails with virus. Most of the letters contained a virus like Trojan.Downloader. The attackers sent out letters to banks on behalf of the Central Bank. After the Bank employee opened it in the mail, it contained malicious software is carried out scanning internal computer network and downloaded a special program that allows you to obtain remote access to software equipment the Bank. This allowed the fraudsters to access the Bank and carry out unauthorized operations, including withdrawals of banks with correspondent accounts in the Central Bank.

The report FinCERT indicated that the majority of successful attacks on banks occurred due to human error: hindsight staff opened the letter that came with suspicious addresses. “The officers deliberately bypassed the protection mechanisms, advising disabling add-ins. This allowed attackers to upload malicious Bank software,” writes the regulator.

To assign the people’s money, scammers often use copycat websites offering to get them to pay utility bills, traffic fines to issue credit and so on. According to the Bank for the year has been blocked the work of about 120 such phishing sites. Monthly FinCERT identifies and initiates closure of about 25-30 similar Internet portals.

Another common method of fraud, said the Central Bank is SMS-mailing on behalf of the Central Bank or banks (especially popular mailing using numbers 8-800). The scammers are asking the customer of the Bank who called the listed number to call the personal data to provide the address, credit card number, PIN, CVV. “This information is used by them for obtaining money from the citizens or sold to other cyber criminals,” warns the regulator.

“Scheme of theft of funds become more sophisticated. Scammers quickly improve their methods, and they used technology modifierade”, –says Deputy head of the main Directorate of security and information protection, Bank of Russia Artem Sychev. He recalled that recently the Ministry of Finance jointly with the Central Bank initiated amendments to the banking and Federal legislation, which, in particular, will allow banks to suspend suspicious transactions. In addition, the regulator proposes to suspend payments if there is a suspicion that the sending Bank was attacked by hackers.

In the second half of 2015 and first half 2016 FinCERT also recorded the growing interest of the attackers to the self-service devices such as ATMs and POS-terminals. According to the regulator, over the last 8 months criminals have stolen through these devices, about 100 million rubles. FinCERT notes that recently appeared in the sale of modified POS terminals that offer additional functionality, such as preserving map data, and remote download stored on the POS terminal data.

One of the latest attack by fraudsters targeted the savings Bank. In mid-July, the state Bank reported that it prevented the theft of 8 billion rubles from their customers. According to the representative of the Bank that fraudulent transactions were carried out by transmission customers information about their accounts after talking on the phone or through TEXT messages.

In late February, another victim of hackers has become Metallinvestbank. It is reported that hackers tried to withdraw from the Bank corresponding accounts in the Central Bank about 667 million rubles of the funds the Bank managed to recover the loss he estimated at 200 million rubles. “as a result of the Bank’s action of writing off funds from its correspondent account was avoided, the funds were returned by the banks receiving funds”, — said the Bank in March 2016.

In early June, the interior Ministry reported that from mid-2015 to may 2016, the hackers stole from the customers of Russian banks more than 3 billion rubles. As reported RIA Novosti, law enforcement was able to prevent any damage in excess of 2,273 billion.

Also in June 2016, the FSB announced the arrest of a group of 50 hackers who stole more than 1.7 billion rubles from financial institutions with the help of virus programs. During operative actions militiamen have blocked a fictitious payment order of $ 2 billion and 273 million rubles, the Investigative actions were carried out in 15 regions of Russia, only produced 86 searches.