UPDATED 21:54 EDT / DECEMBER 11 2017

Newly discovered Russian hacking group steals $10M+ from banks

A newly discovered Russian hacking group is said to have stolen at least $10 million from banks in the United States, United Kingdom and Russia.

The claim comes today from the Moscow-based cybersecurity firm Group-IB, which said the group, dubbed “MoneyTaker,” has stolen funds from 20 companies. Some 16 of the attacks targeted U.S. organizations, three attacks were on Russian banks and one bank in the U.K. was hit. The group primarily stole money by targeting card processing and bank transfer systems, including the Russian Interbank System AWS CBR and the Society for Worldwide Interbank Financial Telecommunication, better known by its acronym SWIFT.

Of the organizations targeted in the U.S., the group’s first attack involved a bank using First Data Corp.’s “STAR” card processing system, which is used by automatic teller machines. The hackers are said to have obtained access to the STAR network operator portal and then issued new ATM cards, which they used to physically withdraw cash in both the U.S. and Russia. In other instances, the group is said to have used different methods, including hacking systems to obtain SWIFT transfer access, to steal more money.

Attributing the various hacks to MoneyTaker apparently was difficult given the different methods the group has used so far to steal money. “MoneyTaker uses publicly available tools, which makes the attribution and investigation process a nontrivial exercise,” Group-IB co-founder Dmitry Volkov said. “Incidents occur in different regions worldwide and at least one of the U.S. banks targeted had documents successfully exfiltrated from their networks, twice.”

Group-IB said it believes that the group will expand its activities going forward and may move into new regions, including South America.

Stephan Chenette, chief executive officer of AttackIQ Inc., told SiliconANGLE that while “most organizations have put security controls in place to prevent attackers from breaching and exploiting high value target systems such as SWIFT and ATM networks,” problems emerge because “in many cases, misconfigurations in these security controls and logging mechanisms create protection failures that allow adversaries to gain access to these critical systems without the owner finding out in a timely manner.”

“We have entered a new phase of cyber requiring organizations to validate their security controls on a continuous basis,” Chenette added. “Because ultimately, the cost of testing is far less expensive than the costs of recovery from a breach.”

Photo: Pixabay
