Читать книгу Digital transformation for chiefs and owners. Volume 3. Cybersecurity - Джимшер Челидзе - Страница 9

The financial sector is one of those who feel relatively well. The proportion of attacks on these organizations from the total number of attacks decreases from year to year. And most interestingly, there are no new groups seeking to withdraw money from banks. The reason for this is the maturity of the industry and the efforts of the Central Bank: regulations, investments in IT infrastructure and software, established information exchange. And this is understandable, if you steal money, you can see it here and now.

Organizations are attacked again through social engineering (47%) and the use of malware (downloaders, spyware, trojans, encryptors.

Theft of confidential information and stopping of key business processes (53% and 41% of cases respectively) were typical targets of bank attacks. Embezzlement was 6% successful.

Financial institutions are now under attack with the aim of:

– obtaining a better exchange rate;

– obtaining confidential information about the user and its use in other attacks by means of social engineering;

– increase system load and failures in users’ private offices.

In addition, there are still unsafe implementations of fast payment systems.

As a result, banks introduce all new security technologies:

– tighten the checks of KYC (mandatory verification of personal data of the client), including the development of services for checking documents (video calls with document recognition, downloading photos of documents, database checks, social activity assessment) to understand whether a real person is hiding behind an account;

– introduce machine learning systems to speed up, simplify and improve customer information retrieval, identify and block suspicious transactions.

As a result, the number of standard web vulnerabilities decreases, but the number of logical vulnerabilities, on the contrary, increases. And in many ways this is due to the development of ecosystems: the creation of more and more complex integrations, microservices, the introduction of voice assistants and chat bots.

However, there are two negative factors that allow PT specialists to find vulnerabilities in each organization that allow them to penetrate the internal IT infrastructure. First, security patches released by software developers are often ignored by the IT services of organizations and are not installed. Second, there is always a possibility of a vulnerability, which is still unknown to developers, but it was discovered by researchers of intruders. Such vulnerabilities are called “zero-bottom vulnerabilities”. Additionally, these factors are the key to getting the hacker inside the infrastructure, so you need to learn how to spot them in time.

In total, PT specialists were able to penetrate the internal network of organizations in 86% of cases. PT researchers also gained full control over the infrastructure and implemented unacceptable events: access to bank-critical systems, ARMA treasurers, money exchange servers. In total, PT experts managed to implement more than 70% of unacceptable events in each financial institution.

As a result, the extortionists will continue their attacks on the banks. So far, these attacks are easier to execute and cumulatively bring more profit than attempts to withdraw a large amount of money from accounts. However, now one of the main targets of hackers will be the clients of banks that use online banking. According to the Central Bank of Russia, in 2020, 75% of adults used online banking. Therefore, hackers will continue to develop the direction of compromising banking applications. Additionally, the techniques of social engineering will remain in use.

The main method is phishing – it accounts for 60% of attacks. Hackers were happy to borrow on other people’s names, foreign companies that now need to repay these loans.

As a result, if it was previously profitable to attack companies with the aim of stealing money from accounts, the work done by the regulator, and the development of protection systems reduce the attractiveness of financial companies, need too high competence and technical equipment. However, industry is the opposite. There hackers are just interested in data about clients, internal users and any information that relates to trade secrets.

Again, this leads to an increase in attacks on confidential data (from 12% to 20%). Personal data (32%), accounting data (20%) and medical information (9%) are also popular.

In general, 14% of attacks were directed at ordinary people, and 88% of attacks were through social engineering. Additionally, the ultimate goal in 66% of the cases – accounting and personal data.

Closing the chapter, I will give some more examples of the most resonant attacks of 2022 on organizations from the commercial sector:

– Lapsus$ group has hacked a number of large IT companies. It was first attacked by Okta, which develops solutions for account and access management, including multi-factor authentication support. Nvidia’s GPU developer was then attacked, resulting in the theft of 1 TB of data, including video card driver source code and software signing certificates. The stolen Nvidia certificates were used to distribute malware. In March, criminals were able to hack Microsoft and Samsung by stealing the source code of some products.

– The Swiss airline company Swissport, which operates at 310 airports in 50 countries, has been attacked by an extortion program. The attack caused numerous flight delays and a 1.6 TB data leak.

– The attack on the telecommunications operator Vodafone in Portugal caused disruptions in service throughout the country, including in the operation of the 4G and 5G networks. Vodafone Portugal serves more than 4 million cellular subscribers.

– In October, a cyber-attack on Supeo, an IT service provider for the largest Danish railway company, stopped trains for several hours. Supeo provides a solution that machinists use to access critical information – work data on tracks and speed limits. During the attack, the provider shut down its servers, causing the application to malfunction, and the drivers were forced to stop the trains. After the restoration of train traffic, the next day did not go on schedule.

– In March, Toyota suspended 14 factories in Japan for a day due to a cyber-attack on Kojima Industries, a component supplier. The cyber-attack also affected other Japanese car manufacturers – Hino and Daihatsu Motors.

– In the second quarter, a major attack occurred on three Iranian steel mills, disrupting technological processes, and in one of the factories, the attackers managed to bring down a liquid iron bucket and cause a fire.