Carbanak: How Would You Have Stopped a $1 Billion APT Attack?

In what’s shaping up to be a textbook classic, Carbanak, a major advanced persistent threat (APT) attack against financial institutions around the world, may be considered the largest cyberheist to date. The scope of the attack and the losses it has caused are what make this case so significant. The surprise factor in this APT attack was the criminals’ change in approach and careful planning. Unlike the usual cybercriminal method of stealing consumer credentials or compromising individual online banking sessions with malware, the brazen Carbanak gang targeted banks’ internal systems and operations, resulting in a multichannel robbery that averaged $8 million per bank.

At the time of this post, attacks connected to the Carbanak operation are reportedly still active.

Attacking financial organizations from within is more complicated to execute than impersonating online banking users. Such a large-scale APT operation took planning, skill and resources that are not commonly seen among organized cybercrime gangs.

The main factor that let attackers cause such damage was inadequate security controls. While the financial sector has been fervently working for decades to prevent fraud and strengthen its detection and protection mechanisms, it has not been as aware of the threats to corporate systems and internal operations networks. Since banks possibly did not expect cybercriminals to be able to attack from within the bank’s systems, internal core systems were not protected by adapted solutions that would have stopped this sort of attack. It was only a matter of time before criminals conceived and executed an operation of this scale.




This post was further translated into Japanese and can be accessed here:
Carbanak: How Should a $1 Billion APT Attack Have Been Stopped?  |  by IBM's 


