Security Think Tank: Carbanak attacks highlight need for tech and process review  

Does the theft of $1bn from global financial firms by the Carbanak gang show it is time to seek new technologies or improve business processes?

With headlines such as "The biggest ever bank robbery" and "Worst bank hacking crime in history", the Carbanak online robbery attracted plenty of attention, particularly from executives in the financial sector.

Despite signs of new techniques being used, the Carbanak attacks bear the hallmarks of a typical cyber crime attack, including spear phishing, targeted malware, privilege escalation, keylogging, screen grabbing and extraction of valuable information onto the internet.

The origins of many of these techniques are more than a decade old, and while attack methods continue to evolve, this story is raising eyebrows in the security industry. How can such activity go undetected on a bank’s critical network for months? Is technology failing or is it not being used effectively?

Cyber crime attacks by their nature can often be sophisticated, focused and relentless, requiring advanced levels of protection to combat them. However, the well-established methods used in the Carbanak attacks mean organisations should be better prepared. 

In addition to good security governance and risk management, financial institutions should be reviewing their security technology capabilities and establishing how they can put them to better use. 

ISF recommendations include the following:

  • Get the basics right by addressing easy targets with system hardening, keeping the infrastructure up to date, restricting access and segregating critical systems
  • Understand the threat by modelling attackers' techniques, performing security testing, reviewing intelligence information and monitoring online forums
  • Be prepared by anticipating criminal groups' use of new tools, exploits and methods, testing incident response capabilities and maintaining a relationship with law enforcement agencies, industry regulators, media and other important parties
  • Maximise technology investment by integrating existing technologies, enabling greater event logging, centralised monitoring and closer inspection of anomalies
  • Strengthen protection by implementing advanced measures, such as honeypots and tarpits to detect, monitor and learn about cyber criminals
  • Learn from attacks by investigating root cause and near misses to reduce frequency and impact of attacks

Mark Chaplin is a member of the leadership team in the Information Security Forum.
