According to the Kommersant publication, RTM Group, an information security company, analyzed the statistics on the penetration of intruders into Russian banking information systems in 2021 and made a forecast for the expected number of violations of the financial perimeter in 2022. According to her calculations, if in 2021 a third of the incidents occurred due to the deliberate actions of insiders, then this year there will be more such cases - at least half.
RTM Group experts studied data on incidents in banks obtained from the Central Bank, as well as from internal information of a company from the banking sector.
RTM Group explained that banks have recently been using more protective tools to counter threats from outside. Attackers can no longer compromise their systems as easily as they used to. According to RTM Group, the trend towards hacking IT systems will shift to internal leaks and deliberate actions of employees to obtain customer data or steal confidential information and internal correspondence for resale to competitors or transfer to third parties for a fee.
According to the Central Bank, in the third quarter of 2021, 107 attacks on financial organizations using viruses were recorded, as well as 22 incidents through the exploitation of various software vulnerabilities in the IT infrastructure of financial organizations. The regulator clarified that compared to 2020, the number of attacks using viruses increased by 15%, but attacks through vulnerabilities began to use almost 50% less. Malefactors in 2021 stole more than 10 billion rubles from accounts, and banks returned to clients after investigations of incidents less than 7% of the stolen money.
Market experts agree with RTM Group's calculations. They believe that now attackers have begun to actively hire bank employees for various illegal actions, since it is easier and more convenient, and they will not be directly responsible for hacking.
Representatives of banks told the publication that they do not expect an increase in internal leaks. They are preparing for the fact that all the attacks on them will be even more intense, both from the inside and outside. The bankers explained that every year they make improvements to employee training mechanisms and develop internal security centers to respond in a timely manner to any problems during incidents and quickly resolve them.
In December 2021, the media reported that a hacker group was able to carry out a successful attack on the system of interbank transfers of the ARM KBR (automated workplace of a client of the Bank of Russia) for the first time since 2018 and withdraw a large amount of money from the correspondent account of one of the banks to their accounts. Moreover, as part of this hack, hackers carried out various actions for several months - from analyzing security systems and compromising the workplace, to penetrating the perimeter and intercepting payments and covering up traces.
On October 2, 2019, Sberbank spoke about the leakage of customer data. The bank acknowledged that at least 200 customers were affected, their cards were reissued.
On October 4, Sberbank reported that the suspect in the data leak had been detained. It turned out to be an employee of a credit institution who led a sector in one of the bank's business units and had access to databases. After an internal investigation into this incident, Sberbank drew serious conclusions and radically strengthened control over access to banking systems of bank employees in order to minimize the impact of the human factor.
In February 2021, the Krasnogorsk City Court of the Moscow Region published on its portal a sentence against a Sberbank employee who was able to steal personal data of bank customers in 2019. This document describes in detail the actions of the attacker, as well as the testimony of witnesses and representatives of the affected financial institution. An employee was able to copy an archive from the bank with uploading data on clients to his work PC, and then transfer it to his home computer, the upload file size was about 5.7 GB.
bbabo.Net