For cybercriminals everywhere, it’s still business as usual. The recent global ATM heist that stole a total of $45M showed that orchestrated targeted attacks continue to plague organizations globally. Legacy approaches to identifying threats are not keeping up with the tactics being used to exfiltrate precious assets and corporate secrets. Although it took money mules withdrawing cash from ATMs in 27 countries to pull off the heist, we will likely see that this was made possible by a very sophisticated targeted attack on third-party card processors in India and the US – as initial reports indicate.
The real debate is how much collateral damage and fallout we’ll see as a result of this attack. Many of the same technologies and processes are used by other financial institutions. A weakness here could be used by attackers to target other banks with similar architectures.
It’s a safe bet to assume the attackers were able to acquire and maintain a persistent foothold in these banking institutions. The attackers carefully picked their target to increase the chances their attack would be successful without being discovered. Weeks and months of reconnaissance work was more than likely carried out, coupled with covert, clandestine operations once their marks had been made and a foothold was achieved.
These types of targeted attacks are not like other day-to-day threats we information security professionals face. They are more likely targeted attacks that have a specific purpose in mind. A recent white paper we’ve published discusses the lateral movement that takes place occurs within networks during these types of attacks, and looks at the tools and techniques utilized.
Online banking is increasingly important today, with nearly 94% of the world’s wealth is housed in some form of electronic currency. It’s no wonder cyber heists are on the rise and the payouts are reaching epic proportions. DDoS (Distributed Denial of Service) attacks as increasing as well, which impacts how we conduct online banking as consumers and businesses. These attacks can also consume an organization’s technical and human resources, ultimately acting as a distraction.
These incidents show that targeted attacks and cybercrime can act hand in hand. All organizations have to consider this as they incorporate their countermeasures and mitigations moving forward. How can they determine if they are in the cross hairs of a targeted attack and understand the dynamics of any threats they are currently facing?
Organizations need to understand that “targeted attacks” can involve more than just information theft, but can actively damage systems and cause significant financial losses. Tools that are valuable in this field include “padded cells” to test incoming threats that use virtualization sandboxing techniques. Threat intelligence and feedback provided by the Smart Protection Network is invaluable to provide organizations with the tools needed to deal with these attacks and protect their networks.