Page 8 - Cyber Warnings







What are the attack methods being used? Are these uniquely crafted for the Banking
Sector?

Yes and no! The issue is that there is still the ‘mainstream’ tide of malware which is still an issue
and a potential threat, but the major concern is the more targeted attacks. Using a modified or
mutated version of existing malware provides a convenient, zero day version – zero day means
invisible to anti-virus systems and to an extent, sandbox and IPS systems.



How are these new APT Malware attacks formulated?

Right now there has never been less of a need to create new malware, as Brian Krebs reported
recently. Existing malware only needs minor modifications to become operational as a zero day
threat.

There still needs to be a vector for the malware – a means by which it can be transmitted –
typically a vulnerability that is exploited, or complicit or gullible personnel (i.e. phishing attacks),
which is why vulnerability management and system hardening are key actions to take in order to
mitigate the threats.


If a system is infiltrated by a Banking APT, what is the likely trajectory or behavior of the
attack?


In a sophisticated attack such as the Carbanak attack, this was the very model of an APT
(Advanced Persistent Threat) in that it gradually penetrated further into banking systems over
time, stealing credentials in order to gain progressively higher access to more critical systems
and provide remote control capabilities and video monitoring of systems usage.

The payoff for the attack was to allow the gang to help themselves to bank reserves and move
money to their accounts at will through their access and control of core bank systems.

In one especially audacious and creative move, the gang re-programmed ATMs to dispense
cash on demand, issuing 5,000 Ruble notes when 100 Ruble notes were requested.


Targeting of ATMs is a scary prospect – how do Banking cyberattacks differ to those
active in the Retail sector?

The banking attacks have been successful in directly providing access to funds transferred from
bank reserves, whereas Retail attacks have tended to focus on Card Data theft, such as Home
Depot, Target etc.

Card data is still a highly valuable commodity that allows goods to be acquired fraudulently to be
converted to cash.





8 Cyber Warnings E-Magazine – June 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
