Criminals recently launched hybrid attacks that involved a combination of cyber and physical activities to steal money primarily from banks located in post-Soviet states, according to Trustwave, a Top 100 MSSP for 2017.
With the attacks, people opened bank accounts, and a cyber team used these accounts to attack the banking infrastructure, Trustwave indicated in its SpiderLabs Advanced Threat Report. Then, another team collected money from ATMs located in foreign countries.
Legitimate debit cards were used to perform the ATM transactions, and criminals removed anti-fraud controls for the bank accounts, Trustwave noted. That way, the cash-out did not trigger any alarms in the bank systems.
In addition, criminals manipulated the overdraft (OD) limit of debit cards and completed their withdrawals "almost simultaneously," Trustwave said in a prepared statement.
"The same minute the first card OD limit was modified, the physical card was used in another country to perform the withdrawal," the company stated. "This sophisticated coordination is a strong indicator of organized crime activities."
Hybrid attack victims' losses total around $40 million to date, Trustwave stated. However, when taking into account undiscovered attacks and investigations undertaken by internal groups or third parties, Trustwave estimated that hybrid attack losses could total hundreds of millions in U.S. dollars.
The hybrid attacks currently are localized to Eastern European countries, Trustwave stated. Yet the attacks represent "a clear and imminent threat to financial institutions in European, North American, Asian and Australian regions within the next year," the company pointed out.
How Can Banks Protect Themselves Against Hybrid Attacks?
Trustwave offered the following recommendations to help banks address hybrid attacks:
- Prepare and test an incident response plan.
- Set up a managed detection and response (MDR) program.
- Implement and maintain technical and non-technical bank system controls.
- Manage local administrator bank account credentials.
- Restrict access to network domain accounts.
Banks need to expand their defensive security strategies and assume that they have "already been compromised," Trustwave said in a prepared statement. This approach enables banks to actively search for threats, Trustwave noted, and mitigate these threats before they can realize their full potential.
Trustwave offers both cloud and managed security services. The MSSP specializes in data protection, risk management and threat intelligence and provides cloud and managed security services to customers in 96 countries.