Dubai: Espionage or state-sponsored cyber-attacks pose a new threat to banks and financial criminals are building capabilities to move beyond banking to target cryptocurrency, said an industry expert.
“Financial institutions are still not yet ready for sabotage and card processing will be the key target of cybercriminals as such attacks are simple and cheap,” said Tarek Kuzbari, managing director for the Middle East, Turkey, Africa and South Asia at Group-IB, a security solutions provider of high-fidelity threat intelligence and anti-fraud.
He said that new financially motivated hackers and state-sponsored attackers targeting banks will emerge and the cybercriminals’ focus shifts to Latin America and the Middle East as new target regions.
A growing focus area for hackers is the crypto industry, he said, which includes initial coin offerings (ICO), wallets, exchanges and funds, and which has been attracting increasingly large capitalisation and funds.
According to the Hi-Tech Crime Trends 2017 report released by Group-IB, the total damage caused by targeted hacker attacks globally on the cryptocurrency industry amounts to more than $168 million (Dh617 million), and the income from attacks on cryptocurrency exchanges varies from $1.5 million (Bitcurex) to $72 million (Bitfinex).
Beyond the lure of higher profitability, he said that hackers are also attracted by the power of digital anonymity, one of the basic principles of the cryptocurrency industry. Hackers are showing big interest in cryptocurrency as they are able to do a quick attack with bigger margins.
In comparison, he said a successful attack on a bank brings criminals only about $1.5 million, on average, illustrating the fact that the traditional financial industry is also not safe.
In the past few weeks, Group-IB has found that 228 bank accounts and nearly 2,000 credit cards have been compromised in the UAE alone, and an additional 5,738 account details of bank employees have been leaked. The average sale price of a credit card from a UAE bank is sold for $9.3 by bad guys.
“The top emerging threats in the financial sector were identified as Fin7, Cobalt Cybercrime group, Lazarus, NetWire RAT and SMiShing. The leaking of US National Security Agency (NSA) hacking tools has made highly sophisticated capabilities available to malicious hackers,” Kuzbari said.
In the coming year, he said that the theft of money will not be the main source of losses for banks and financial institutions from cyber-attacks.
Grievous harm
According to the report, the destruction of the IT infrastructure of banking and financial organisations during the final stages of a targeted attack by financially-motivated cybercriminals and state-sponsored hackers will cause the most grievous harm.
“Accelerated digitisation in the region is making it critical for organisations to prioritise security measures and the level of threat that all of us in the UAE face are quite high. Over the past year, we have observed the increased competence of hackers to impact critical infrastructure with targeted large-scale incidents, and this can instantly negate all the efficiencies and advances brought about through a digital transformation undertaking” he said.
With hackers moving to more sophisticated agendas such as espionage, sabotage, data theft, and disruption of infrastructure, he said that targeted attacks on banks, payment systems, bank clients, and even cryptocurrency exchanges will move beyond impacting organisations to directly affecting the lives and finances of citizens and residents.
