The Dire Straits of Cybersecurity

Money for Nothing

In late 2013, ATMs in Kiev began spitting out cash at random times, even if nobody was standing in front of them. Turns out, cash on the concrete was just the tip of the iceberg. By the time investigators got their forensics around the issue, over 100 financial institutions across over 30 nations had been breached in what might be the largest bank theft of all time.

Clicks for Free

The Carbanak Gang, named after the malware used in the heist, is comprised mostly of Russian, Chinese, and European hackers. The malware included Remote Access Trojans (RATs) that allowed the Gang to remotely access and manipulate the networks of the victim banks, completely undetected. Beginning by recording video of internal movements within the network, hackers were able, over time, to mimic bank officers performing routine tasks while actually routing funds to their own accounts.

APT: Easy as 123

Advanced Persistent Threats (APTs) are different from other cyberthreats in a number of ways. First, the breach is orchestrated in slow, patient steps, often involving social engineering, to penetrate and inhabit a network undetected. Second, the end goal of the penetration is typically to mine data rather than to damage or disable the host network. A third distinction is the elevated investment in hacker time and resources.

Risk and Reward in Harmony

The effects of the Carbanak Gang continue to ripple through the banking and cybersecurity industries, but all hackers are not Russian or Chinese. The threat is everywhere, and there are no easy solutions. ICS can be a vital part of your defense with services like vulnerability assessment and penetration testing, and prevention is a lot easier and dramatically less expensive than recovery. If you like the sound of that, you should really hear the rest of the song.

ISO 9001 2015Technology Industry InnovatorsVeteran Owned Small BusinessCMMI Maturity Level 3CISSP® - Certified Information Systems Security ProfessionalCertified Penetration TesterITIL IT Service ManagementCertified Ethical HackerProject Management Institute CertifiedUS Department of Homeland SecurityDisaster Recovery Institute CertifiedCertified Information Systems Auditor