The Bankwatch

Tracking the consumer evolution of financial services

More on the Bank heist – Kaspersky report pulled

There is some more information, apparently from the Kaspersky Report referenced yesterday. The report was launched, then pulled. However, it is still available at the time of writing here on this German site.

It appears from reporting today from KrebsOnSecurity that the activities referenced in the report are part of an ongoing attack over several years. There is no apparent newness here other than the Kaspersky Report, and they are not doing a very good job today of following up the hype they created yesterday. The politics of security reporting aside, there are some real lessons here for banks to be conscious of.

The game-changing aspect I indicated yesterday, amending the banks' sub-ledgers, appears to be real. The information I could glean today validates that the attackers are able to observe business processes using screenshots and video gathered by malware deployed within the banks' systems on users' desktops.

The attack is ongoing against multiple banks. Once the attackers are inside a bank, the target is generally compromised for two to four months. This period is used to gain intelligence on the actual processes within the target bank, on the desktops of individual employees.

The original and primary attack method is malware-infected Microsoft Word 1997-2003 attachments sent by email. Apparently the patches released for those MS Word versions were not installed.

Once the malware is deployed within the target bank, the bad guys can observe bank officers' work protocols and processes over time, observe their daily routines, and discern the time window for an attack that would give them the most time to perpetrate and successfully complete the money theft.

The actual thefts seem to have been centred on SWIFT and ATM cash.

Written by Colin Henderson

February 16, 2015 at 14:15
