Experts named cyber threats that are relevant for banks

CUK77

The financial sector has always been interesting for scammers; only the methods of attack are changing.

Fintech against hackers: how the market is fighting cyberattacks.
With the development of information technology, people get new opportunities, but on the other hand, innovations give rise to new security threats. And the financial industry is no exception. PaySpace Magazine learned about the main trends in card and ATM fraud, as well as new methods and approaches to combat different types of fraud in the payment field.

Payment fraud trends

Today, payment fraud is not limited to any one industry. Attackers keep looking for new formats. And they use "proven" methods, such as physical and logical attacks on ATMs.

During the first quarter of this year, four skimming devices were seized. At the same time, scammers are looking for new ways to attack ATMs. Since the end of the previous year, we have recorded new types of logical attacks. And although they have so far been unsuccessful, we can see that the attackers have not lost interest in ATMs.

However, ATMs are just one of the targets of cybercriminals.

Cybercriminal activities

The global financial industry has heard for several years about the activities of the so-called “Big Three” cyber groups, which include MoneyTaker, Silence, and Cobalt. According to Mykola Koval, an independent expert on information security, banks and individual financial institutions of the CIS countries often become victims of these organizations, but the Ukrainian financial sector has not yet suffered from their activities.

Koval named the cyber groups that the financial sector should be wary of this year: BT.Spy, Sandworm.Go. Olesya Danilchenko also advised paying attention to the activities of Cobalt. Indeed, in March 2018, law enforcement officers managed to expose one member of this organization, who turned out to be from Kiev. According to Danilchenko, some members of the group are still in Ukraine.

In addition, there are cyber groups whose members are citizens of Ukraine. According to Koval, these are Fin6 and Fin7. The criminal activity of these organizations is aimed at the American financial market. They are actively attacking POS terminals and US stock exchanges.

Yuriy Poltenko, a representative of the Cyber Police Department, also drew attention to the activity of criminals involved in investment fraud in Ukraine.

The underlying factors that led us to scrutinize these fraudulent schemes were a number of incidents in Belarus and Kazakhstan. The scheme itself is tailored to work in the CIS countries. However, we managed to establish at the first stages about five victims in Ukraine.

Cyber police managed to obtain information about the activities of fraudsters on online trading platforms thanks to the analysis of a large amount of data. In particular, according to Poltenok, law enforcement officers analyzed the norms and restrictions governing the activities of online brokerage platforms that offer services in the field of trading in derivatives of the foreign exchange market (Forex). They also referred to the work of insiders - there are about 400 such centers in Ukraine. However, the main information about the activities of the group was obtained as a result of the analysis of the footer of the site, which indicated the details of where the company was registered.

Attackers, using the online resource for Forex trading, created artificial conditions so that the client could not download the official application for trading on the platform. Then the scammers offered online services for registering the personal account of a potential victim, after which they had access to all user data. Criminals could make changes to the trading history, creating the illusion that the person himself lost

It was established that the attackers used international dialing codes (London, Zurich, Dublin, Sydney, Tokyo, Barcelona, Berlin, Almaty, etc.) to make calls in order to attract persons as clients of the fictitious brokerage company "Trade 12". These numbers were used in VoIP call centers. Thus, cyber police officers exposed 26 offices in Ukraine, which carried out fraudulent activities related to Forex trading.

Security of payment transactions: what SWIFT offers

There are many changes taking place in the financial industry. Customers of SWIFT, the international interbank system for transferring information and making payments, therefore require prompt, traceable and transparent payment transactions that comply with security standards and all regulations.

Dmitry Dyachkovsky, Vice-Director of UkrSWIFT, presented a procedure for financial institutions that use SWIFT, aimed at improving the security of their internal systems. The principles to adhere to are:
  • timely install all new versions of SWIFT software
  • subscribe to the Security Notification service and use the SWIFT ISAC information portal
  • monitor the implementation of security controls by counterparties in the KYC-SA system
  • use SWIFT anti-fraud tools (Payment Controls, Daily Validation Reports, RMA clean-ups, RMA+, etc.)
  • immediately inform SWIFT if there is a suspicion that the infrastructure of the financial institution connected to the payment system has been subjected to a cyber attack
  • make sure that the financial institution has fully complied with 19 mandatory controls and recertify according to the updated requirements by December 31, 2019

The main risks for banks without branches: the experience of monobank

Dmitry Kovalevsky, security and risk specialist at monobank, claims that the level of problems in a bank without branches is much higher than even in traditional, larger banks. According to him, on the first day of the launch of the project, the specialists of the mobile bank managed to find 15 hackers at once.

The first major risk a bank faces in a smartphone is hacker attacks. For offline banks this is not so critical, because they can say: "Our site is down, please contact the branch." We cannot explain to clients that we have any technical problems and in 20 hours we will restore everything.

Dmitry Kovalevsky believes that there are no data centers in Ukraine that can withstand serious DDoS attacks. He claims that he has more than once faced an incident in which a generator in a domestic data center simply failed to start. In addition, the NBU requires all banking institutions to work in the regulator's data centers. However, conditions there are not optimal for uninterrupted operation. And, as Dmitry says, a mobile bank cannot afford to be down for the 10 minutes, at best, that it takes to fix the problem.

Despite the Amazon IDS system, monobank has its own development culture.

Our code safety culture extends to every developer.

In addition, outside specialists are involved to obtain an objective assessment of whether the system will be able to withstand hacker attacks of varying complexity.

However, the most sensitive issue for a mobile bank is insider leaks at the customer support level. According to Kovalevsky, out of 200 employees of the monobank call center, about 30 received offers to sell the database.

How it happens: a customer support employee receives an offer to separately record the phone number and e-mail of clients with large amounts of funds. This is the information a third party is ready to buy. Thus, during the analysis of the database, we cannot identify leaks, because there are no such leaks.

The bank has found a way to prevent such information leaks: it set limits on the amount of data a call center employee can receive.

If the operator starts to rustle over the data without an incoming call, the system generates an alert, which is processed manually by a special monitoring service.

This information was announced at the XIX Payments & XII Security EMA Conference dedicated to payments and payment security. It is traditionally held by the Ukrainian Interbank Association of Members of EMA Payment Systems.
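
The call-center control described above (a limit on how much customer data an operator receives, plus an alert when records are opened without an incoming call) can be sketched as follows. This is an added example, not monobank's code and not part of the original article; the event format, the 60-second wrap-up window, the limit of three customers and the assumption that the telephony system maps each incoming call to a customer id are all hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (time, operator, action, customer id).
# Assumption: the telephony system maps each incoming call to a customer id.
SAMPLE_EVENTS = [
    ("2019-05-14 09:00:05", "op17", "call_start", "c-1001"),
    ("2019-05-14 09:00:20", "op17", "lookup", "c-1001"),    # during the call
    ("2019-05-14 09:04:40", "op17", "call_end", "c-1001"),
    ("2019-05-14 09:04:55", "op17", "lookup", "c-1001"),    # wrap-up, within grace
    ("2019-05-14 09:10:00", "op22", "call_start", "c-3001"),
    ("2019-05-14 09:10:10", "op22", "lookup", "c-3001"),
    ("2019-05-14 09:11:00", "op22", "lookup", "c-3002"),    # on a call, other customer
    ("2019-05-14 09:20:00", "op17", "lookup", "c-2002"),    # no call at all
    ("2019-05-14 09:20:30", "op17", "lookup", "c-2003"),
    ("2019-05-14 09:21:00", "op17", "lookup", "c-2004"),
]

GRACE = timedelta(seconds=60)  # assumed after-call wrap-up window
MAX_CUSTOMERS = 3              # assumed limit on distinct customers per operator

def detect(events, grace=GRACE, max_customers=MAX_CUSTOMERS):
    """Return alerts as (time, operator, customer, reason) for manual review."""
    active = {}     # operator -> customer on the current incoming call
    last_call = {}  # operator -> (customer, end time) of the last finished call
    viewed = {}     # operator -> set of distinct customers looked up
    alerts = []
    for ts, op, action, cust in sorted(events):  # ISO timestamps sort by time
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if action == "call_start":
            active[op] = cust
        elif action == "call_end":
            active.pop(op, None)
            last_call[op] = (cust, t)
        elif action == "lookup":
            ended_cust, ended_at = last_call.get(op, (None, t))
            on_call = active.get(op) == cust
            wrap_up = ended_cust == cust and t - ended_at <= grace
            if not (on_call or wrap_up):
                alerts.append((ts, op, cust, "lookup_without_call"))
            seen = viewed.setdefault(op, set())
            if cust not in seen:
                seen.add(cust)
                if len(seen) == max_customers + 1:  # alert once, when the limit is crossed
                    alerts.append((ts, op, cust, "lookup_limit_exceeded"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A lookup made during a call but for a different customer is also flagged, since it is not explained by the incoming call.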
 