The banking sector suffers a great deal at the hands of cybercrime. In July last year, a cybercriminal managed to steal the personal data of some 100 million users of the bank Capital One. In June of the same year, a malicious insider gathered information from Desjardins Group and shared it with a third party. The breach affected around 2.7 million people and as many as 173,000 companies.
Massive data breaches are not the only cyberthreat for banks: they also have to deal with the dangers of banking Trojans, which infect their customers’ computers in order to steal their personal information and even their money. Considering all of this, it is not surprising that, according to a 2018 report, security risks are a key factor slowing the adoption of online banking.
A bank in Malta: victim of cybercrime
In February 2019, cybercriminals managed to steal around €13 million from Bank of Valletta, one of the most important banks in Malta. To pull off this theft, the cybercriminals installed malware on the servers of the Maltese bank. This allowed them to transfer money to accounts in the United Kingdom, the Czech Republic, the USA and Hong Kong.
The bank realized there was a problem during the reconciliation of international transactions first thing in the morning, when they noticed discrepancies in the accounts. Shortly afterwards, state security services informed the bank that they had received information from abroad that the company had suffered a cyberattack.
In order to minimize the risk, Bank of Valletta decided to suspend its operations, closing branches and ATMs all over Malta, as well as shutting its website. The closure of such an important bank had negative repercussions on the whole country’s economy, as the then Prime Minister of Malta, Joseph Muscat, explained. What’s more, the closure caused problems for customers of the bank who tried to use their credit cards in other countries.
How did they manage to carry out this robbery?
To begin with, the bank didn’t publish any details about the attack beyond the basic facts. However, little by little, more details began to come to light. As the Times of Malta explains, the Maltese and European authorities believe that the culprit for this theft is a cybercriminal group called EmpireMonkey.
It is believed that the attackers posed as regulators of the French stock exchange in order to get onto the Bank of Valletta systems, in a case of spear phishing that could have begun as long ago as October 2018. A source explained that it is believed that the hackers managed to steal credentials from the Autorité des Marchés Financiers, the French stock exchange regulators. They then used this access to send emails containing malware that gave them access to the victim’s systems.
The arrests begin
In February this year, the first arrests related to this theft were made. British police were able to trace €944,000 of the stolen money to an account in Belfast, where payments totaling €401,000 were made before the account could be blocked. Following the money, NCA (National Crime Agency) officials were able to arrest three men on suspicion of money laundering, fraud, and theft.
Among those arrested were a 33-year-old man, arrested at Heathrow Airport upon returning to the UK from China, and two men who handed themselves in at a Belfast police station. The previous day, another man had been arrested in Belfast on suspicion of the same crimes. On January 22, two men were arrested in London in relation to the crimes.
“The focus of our investigation is those suspected of having helped launder the proceeds of this cyberattack, a large amount of which were funnelled through a bank account here in Belfast,” said NCA Belfast branch commander David Cunningham. “It demonstrates how this type of criminality is often international in nature.”
How can we protect against these attacks?
Like so many other cyberattacks, this one began with a phishing campaign. This attack vector is one of the most frequent, and it is often up to the user to protect against it, since the decision to open an email or not comes down to them. This is why it is vital that any kind of company—from SMEs to international banks—teach their employees the importance of being prudent when it comes to the emails they receive. The most important thing is to not open any attachments from unknown senders.
However, we cannot leave cybersecurity solely in the hands of employees—human error can lead to serious incidents. What’s more, there are many threats that don’t get in via email, but rather through vulnerabilities in the system or other attack vectors.
For this reason, every company that wants to constantly protect its IT system must have an advanced cybersecurity solution. Panda Adaptive Defense provides constant monitoring of all activity on the system. What’s more, Panda Adaptive Defense doesn’t use signatures to detect malware—a technique that can let new or unknown malware slip through the net. Rather, it takes a zero-trust approach.
As well as this, Panda’s corporate cybersecurity solution classifies each and every process on all devices and defines their behavior profiles. If it detects any suspicious activity, even if it doesn’t have a seemingly suspicious profile, it blocks it and analyzes it in order to make a decision about what to do. What’s more, it has anti-exploit technology that is able to detect malicious scripts and macros.
Banking is a sector that is constantly vulnerable to cyberattacks. To stop this kind of organization falling victim to cybercriminals, it is essential to monitor all system activity to stop every threat before it can become dangerous.