According to research of FinCERT, employees of 75% of Russian banks click on the links in phishing emails. 38% of banking applications for iOS have high-risk vulnerabilities, for Android this figure is 43%.
Attacks on banks in 2018
About 75% of Russian banks are vulnerable to cyber attacks, concluded specialists from FinCERT and other Russian companies, investigating cyberattacks. According to FinCERT, in 2018 Russian banks became victims of 687 attacks, 177 of them were targeted.
Systems of Group-IB company recorded more than 1.9 million unique fishing links in 2018. This is 85% more than in 2017. More than 26% of links are targeted to the financial sector. About 48% of finance fishing accounts for the USA, 4.7% for the Netherlands, 4.51% for Germany and 4.46% for Russian banks.
In 2018, the number of attacks on banks increased compared to the previous year, but the damage was less than a year ago. The researchers associate this to the intensification of information exchange between banks, in particular, with the launch of the automated incident processing system of Fincert.
Widespread vulnerabilities
Employees of 75% of Russian banks click the links in phishing letters. In 25% of financial organizations employees can enter their accounting data in a fake login form. Also in 25% of banks there is at least one employee who can launch a vulnerable attachment on a computer. All this is dangerous because hackers from Advanced Persistent Threat groups use phishing in nine attacks out of ten.
What is more in 67% of Russian banks a server software isn’t updated in time and in 58% sensitive data is stored in the clear. In 25% of banks it’s possible to get an access to ATMs from the internal network, according to tests of Positive Technologies.
In 38% of banking applications for iOS there are high-risk vulnerabilities, for Android this figure is 43%. In 76% of mobile applications the data is stored unsafely so passwords, financial information and personal users data can be stolen.
Advanced Persistent Threat groups
Researchers mention such APT groups as Cobalt, RTM and Silence. During 2018 Cobalt made 61 phishing newsletters, targeted to Russian and CIS banks, RTM made 59 newsletters and Silence – six. According to FinCERT, the damage of Russian banks from Cobalt attacks was 44 million rubles in 2018 and from Silence – 14.4 million rubles.
Types of attacks
Positive Technologies company concluded that the most popular method of attacks in 2018 was a vulnerable software – 58% of accidents. Social engineering was used in 49%, hacking in 36%, use of accounting data in 11% and web-vulnerabilities in 5%. The number of attacks with a use of vulnerable software has grown from 48% t 58% and researchers say that the reason is that a vulnerable software is becoming more accessible.
In the majority of accidents the attacks are aimed to the processing system of banking cards. Hackers want to take control of the interface of the system to increase the balance or the credit limit on banking cards of their confederates. After that money are cashed via AMTs.
Small groups or single hackers continued to attack ATMs and self-service terminals in 2018. Researchers noted the reduction of such methods as skimming and shimming. However blackbox attacks with a use of special devices are still popular.