Over $17 million stolen from Russian banks by hackers in 2017
According to the Central Bank of Russia, national banking system lost more than 1bn rubles due to cybercrimes last year. In many attacks, hackers used Cobalt Strike, a security tool intended to test organisations' cyber defence. A successful attack on the SWIFT system brought cybercriminals more than 330 million rubles.
Hackers stole more than 1bn rubles ($17 million) from Russian banks using the Cobalt Strike security testing tool in 2017, reports Reuters citing Deputy Governor of the Russian Central Bank Dmitry Skobelkin. During an information security conference in Russian Magnitogorsk, Skobelkin announced that 21 ''waves of attacks'' with the use of this technology occurred in 2017. ''More than 240 credit organisations were hit by the attacks, 11 of which were successful. The amount stolen was more than 1bn rubles,'' he said.
Cobalt Strike, which is a security tool used to test the strength of organisations' cyber defence, has been used by hackers to attack banks. In 2016, a group of cybercriminals known as Cobalt applied the tool to attack cash machines in more than a dozen countries. They used some malicious software to force the ATMs to give cash. Skobelkin noted that the Central Bank had sent warnings to more than 400 organisations targeted by the Cobalt group last year.
Another successful attack was performed by unknown hackers via the SWIFT international payments messaging system. The regulator's spokesperson said that cybercriminals ''had taken control of a computer at a Russian bank and used the SWIFT system to transfer the money to their own accounts''. According to Artyom Sychyov, the deputy head of the Central Bank's security department, this is ''a common scheme''. The volume of unsanctioned operations as a result of this attack amounted to 339,5 million rubles ($6 million).
Hackers also used the SWIFT system to attack Russian state bank Globex last December and to steal $81 million from Bangladesh Bank in February 2016. Brussels-based SWIFT commented that digital heists were becoming increasingly prominent as hackers use more sophisticated tools and techniques to launch new attacks. The company doesn't disclose details of the registered attacks, but some cases have become public, including attacks on Taiwan's Far Eastern International Bank and Nepal's NIC Asia Bank.
''When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment,'' said spokesperson for SWIFT Natasha de Teran. The company claims that its own systems have never been compromised by hackers.