Information security of bank non-cash payments. Part 5 - 100+ thematic links about hacking banks

Updated: 10/12/2018

What research

When preparing materials for the following articles, a rather extensive collection of links to topics was typed:

• hacker attacks on banks
• technical analysis of bank hacks,
• review of typical vulnerabilities in banking networks,
• judicial practice
• analysts, forecasts and other articles on banking security.

At some point in time, the number of selected materials turned into quality, so this selection may be of interest by itself.

Media publications on hackers and incidents

2015

1. “Hackers from Gorny Altai stole tens of millions from a bank”, –altapress.ru, 2015
2. “Hackers from Moscow face 10 years for the theft of 20 million from the bank”, - sobesednik.ru, 2015

2016

3. “Hackers stole a billion rubles from four banks with the help of a bot”, - Life.ru, 2016
4. Plot: “Theft from the Russian International Bank (RMB)”
a) “From the correspondent account in the Central Bank hackers stole over half a billion rubles”, - interfax.ru, 2016
b) “Russian International Bank named the amount of funds stolen by hackers” - rbc.ru, 2016
5. Plot: “Theft from Metallinvestbank”
a) “Hackers brought 677 million rubles. from the accounts of Metallinvestbank ”, - rbc.ru, 2016
b) “Metallinvestbank lost 200 million rubles due to a hacker attack,” - ria.ru, 2016
c) “Press release of Metallinvestbank on the fact of theft”, - metallinvestbank.ru, 2016
d) “Hacker-style robbery” - kommersant.ru, 2017
6. “ABS did not work”, - kommersant.ru, 2016
7. “Hackers stole nearly 2 billion rubles from banks. using “letters from the Central Bank” - RBC.ru, 2016
8. “Million for a couple of minutes. How hackers rob banks around the world ”, - 21.by, 2016
9. “In the Sverdlovsk region,“ hackers ”will appear before the court, accused of embezzling more than 2.6 million rubles from accounts of banks in various regions of the country”, - Prosecutor General's Office of the Russian Federation, 2016
10. Plot: Hacker group Lurk
a) “Banking Trojan Lurk: especially for Russia”, - Securelist.ru, 2016
b) “Employees of the Ministry of Internal Affairs of Russia and the Federal Security Service of Russia detained Internet hackers”, - Ministry of Internal Affairs of Russia, 2016
c) “Hunting for Lurk”, - Securelist.ru, 2016
11. “The court charged 470 million rubles from the processing company UCS”, - vedomosti.ru, 2016

2017

12. “From Utah to Yenisei: hackers attack US and Russian banks”, - Gazeta.ru, 2017
13. “Group-IB appreciated the scale of activity of Russian-speaking hackers MoneyTaker”, - rbc.ru, 2017
14. “Co-founder of Group-IB told about those who committed cyber attacks on Russian banks”, - rbc.ru, 2017
15. Plot: “Theft from Globex Bank”
a) “Hackers came running to SWIFT”, - kommersant.ru, 2017
b) “Hackers came to Globex”, - kommersant.ru, 2017
c) “Hackers stole $ 1 million from a subsidiary bank of VEB”, - vedomosti.ru, 2017
16. “Hacker attacks gathered in the grouping”, - Kommersant.ru, 2017
17. “Digital Security denies Zeronights member’s connection with MoneyTaker”, - anti-malware.ru, 2017
18. Plot: A group of 14 hackers robbing banks
a) “A boxer from Ukraine led a group of hackers who stole 1 billion rubles from banks,” - Life.ru, 2016
b) “The hacker's repentance program worked”, - kommersant.ru, 2017
c) “Court hacks hacker network”, -kommersant.ru, 2017

2018

19. “Hackers stole hundreds of millions from Mexican banks”, - SecurityLab.ru, 2018
20. Plot: “The criminal group from Volzhsky”
a) “A hacker who stole money from a bank card was detained in Volzhsky”, - SecurityLab.ru, 2018
b) “Hackers earned up to half a million a day” - Kommersant.ru, 2018
21. Plot: “Preparing for an attack on Russian payment systems”
a) “In Seversk, hackers were convicted of preparing an attack on Russian payment systems,” - SecurityLab.ru, 2018
b) “The cyber attack on Russian electronic payment systems was prevented in Tomsk” - ib-bank.ru, 2018
22. “A hacker was detained in the Stavropol Territory for breaking into ATMs and stealing funds”, -SecurityLab.ru, 2018
23. “In Saratov, a hacker stole more than 380 thousand rubles using a phishing site”, - SecurityLab.ru, 2018
24. “A St. Petersburg hacker stole funds from bank cards”, - SecurityLab.ru, 2018
25. “Money from the Central Bank is stealing ghostly hackers”, - dailystorm.ru, 2018
26. “The beginner hackers have teachers for breaking ATMs”, - dni24.com, 2018
27. Plot: “The arrest of the leader of the criminal group Carbanak / Anunak / Cobalt”
a) “Mastermind behind eur 1 billion cyber bank robbery arrested in spain”, - Europol, 2018 + ( here )
b) “Ukrainian hacker allegedly being the leader of Carbanak is arrested” - SecurityLab.ru, 2018
c) “The leader of Carbanak fell for reluctance to pay for the car on time”, - SecurityLab.ru, 2018
28. Plot: “Continuation of the activity of the Cobalt criminal group after the arrest of its leader”
a) “Group-IB: despite the arrest of the leader, the Cobalt group continues attacks on banks”, - Group-IB, 2018
b) “The arrest of the leader did not stop the activities of the Cobalt group: hackers attacked the major banks of Russia and the CIS”, - xakep.ru, 2018
29. "In Moscow, cybercriminals who stole funds from bank customers were convicted" - SecurityLab.Ru, 2018
30. "PIR Bank lost more than 58 million rubles as a result of cyber attacks" - SecurityLab.Ru, 2018
31. "The investigating authorities of the Ministry of Internal Affairs of Russia sent a case to the court about embezzling money from citizens' bank cards", - Russian Ministry of Internal Affairs, 2018
32. “Cyber ​​fraudsters convicted in Moscow for stealing money through the Internet-offices of banks”, - Interfax news agency, 2018
33. Plot: “Theft from PIR Bank”
a) “PIR for hackers”, - kommersant.ru, 2018
b) “How are you, Carbanak?”, - Gorup-ib.ru, 2018
34. “The Prosecutor’s Office of the Republic of Bashkortostan sent a criminal case to the court over the fact that hackers had stolen over 8 million rubles”, - RF Prosecutor General's Office, 2018
35. "In the US, the court filed charges against 3 members of the hacker group Carbanak", - SecurityLab.ru, 2018
36. "Ekaterinburg hackers stole 1.2 billion rubles from banks", - SecurityLab.ru, 2018
37. "In Rostov, a hacker stole more than 1 million rubles from an ATM" - SecurityLab.ru, 2018
38. “Hackers withdrew about 100 thousand dollars from the Housing Finance Bank,” RIA Novosti, 2018

Technical Analysis of Incidents

2014

1. Report: “COMPUTER FORENSIC INVESTIGATION OF {mobile} BANKING TROJAN”, - Zeronights 2014, Boris Ivanov

2015

2. Report: “Technical Report on the Activities of a Criminal Group Engaged in Targeted Attacks - Anunak”, - Group-IB, 2015 (+ article )
3. Report: “Attacks on brokerage and settlement systems,” - Group-IB, 2015
4. Big bank robbery: Carbanak APT campaign, - securelist.ru, 2015 (+ english report )

2016

5. “The number of APT bank robberies is increasing with the use of Metel, GCMAN and Carbanak 2.0 attacks”, - securelist.ru, 2016
6. Report: “Buhtrap: the evolution of targeted attacks on banks” - Group-IB, 2016
7. Report: “Cobalt snatch”, - Positive Technologies, 2016

2017

8. Report: “Cobalt strikes back: new attacks on financial institutions”, - Positive Technologies, 2017
9. “Following Cobalt: logical attack tactics on ATMs in the Group-IB investigation”, - Group-IB blog on habr.com, 2017
10. “Cobalt Secrets How a Cobalt Group Overcomes Remedies”, - Group-IB, 2017
11. “MoneyTaker: Invisible Hunt Group-IB declassified hackers attacking banks in the US and Russia”, - Group-IB, 2017
12. “Lazarus Technologies of espionage and targeted attacks by pro-government hackers from North Korea and unknown details of their operations in the Group-IB“ Lazarus: Architecture, Tools, Attribution ”report, - Group-IB, 2017
13. ATM attacks on the example of GreenDispenser: organization and technology ”, - Positive Technologies, 2017
14. “The Silence - a new target attack on financial institutions”, - Securelist.ru, 2017
15. “TwoBee Financial Campaign”, - Securelist.ru, 2017

2018

16. “Big difference: Cobalt vs MoneyTaker What distinguishes the two most active criminal groups,” - Group-IB, 2018
17. “New attacks on banks”, - Positive Technologies, 2018
18. Webinar: “Investigation of targeted attacks on financial institutions”, - Positive Technologies, 2018 (+ presentation )
19. "Attacks on industrial enterprises using RMS and TeamViewer", - Securelist.ru, 2018
20. “Hackers attack banks using Microsoft Publisher files”, - SecurityLab.ru, 2018

Forecasts and reviews

2016

1. “Review of financial stability II — III quarters of 2016”, - Bank of Russia, 2016

2017

2. “Hi-Tech Crime Trends 2017”, - Group-IB, 2017 (+ this report is on an external resource )
3. “Report of the Center for Monitoring and Responding to Computer Attacks in the Credit and Financial Sphere of the Central Directorate of Security and Information Protection of the Bank of Russia: June 1, 2016 - September 1, 2017”, - FinCERT CB RF, 2017
4. “The main types of attacks in the credit and financial sphere in 2017,” - FinCERT CBR, 2017
5. “Review of unauthorized money transfers for 2017”, - FinCERT Central Bank of the Russian Federation, 2017
6. “Cybercriminals against financial organizations: what to expect in 2018”, - Securelist.ru, 2017
7. Webinar: “Current Cyber ​​Threats - 2017: Trends and Forecasts”, - Positive Technologies, 2018 (+ report )

2018

8. “Financial cyber threats in 2017”, - Securelist.ru, 2018

Arbitrage practice

1. “Proceedings of the proceedings between Kemsotsinbank JSC and other banks through which the money stolen from it was cashed”, - Arbitration and Appeal Courts, 2017-18 ( here and here )

Regular Reviews and Thematic Resources

1. "Crimes in the banking sector", - amulet-group.ru
2. “Archive securelist.ru, heading“ Attack on banks ”, - securelist.ru
3. “FinCERT Bank of Russia”, - Bank of Russia
4. “Investigations of high-tech crimes”, - Subject on Group-IB.ru
5. The plot “Hacker attacks on Russian banks” - RIA Novosti
6. Threat Actor Map
7. Category: “Burglars”, - Komersant.ru
8. “Subject: Cybercrime of the official website of the Ministry of Internal Affairs of Russia”
9. Periodic reports: “State of crime” - Ministry of Internal Affairs of Russia

Vulnerabilities

2013

1. “Security analysis of mobile banking applications for 2012”, - Digital Security, 2013

2014

2. “Mobile banking security: the possibility of a MitM attack”, - Digital Security, 2014
3. “VM escape: 101”, - Digital Security company blog on habr.com, 2014

2015

4. “Security of web resources of banks of Russia”, - Digital Security, 2015

2016

5. Webinar: “Pitfalls of Applied Cryptography” - Positive Technologies, 2016 (+ presentation )

2017

6. “Vulnerabilities of financial industry applications”, - Positive Technologies, 2017
7. “Automated code analysis: web application vulnerability statistics for 2017”, - Positive Technologies, 2017
8. “Statistics of attacks on web applications: IV quarter of 2017”, - Positive Technologies, 2017
9. “Corporate information systems: penetration testing attack scenarios”, - Positive Technologies, 2017
10. Webinar: “Typical scenarios of attacks on wireless networks”, - Positive Technologies, 2017 (+ presentation )
11. Webinar: “Typical scenarios of attacks on the corporate information system”, - Positive Technologies, 2017 (+ presentation )

2018

12. “Research: more than half of e-banking systems contain critical vulnerabilities,” - Positive Technologies company blog on habr.com, 2018
13. Webinar: “Advanced attacks on Microsoft Active Directory: methods of detection and protection”, - Positive Technologies, 2018 (+ presentation )
14. “Vulnerabilities of corporate information systems 2018”, - Positive Technologies, 2018
15. “As social engineering opens the door to your organization for a hacker,” - Positive Technologies, 2018
16. Webinar: “ATM Security Analysis: Logical Attacks and Vulnerabilities”, - Positive Technologies, 2018 (+ presentation )
17. “By the way of the bills they made their way through the safe”, - kommersant.ru, 2018
18. "Low-level hacking of NCR ATMs", - Positive Technologies company blog on habr.com, 2018

Analytical articles

2013

1. “Ensuring the safety of the RB systems at all stages of the life cycle”, - Analytical Banking Journal, 2013
2014
2. “Attacks on automated banking systems”, - BIS-journal, 2014

2015

3. “ABS at sight”, - Analytical banking magazine, 2015
4. “Robbery of the XXI century: hackers managed to steal $ 1 billion,” - Kaspersky Lab, 2015
5. “Russian financial cybercrime: how it works”, - securelist.com, 2015

2016

6. “Tens of Russian banks lost millions of dollars due to attacks by cybercriminals”, - Kaspersky Lab, 2016
7. “A banker who can steal everything” - securelist.com, 2016
8. “Hackers against banks: the most high-profile crimes of recent years”, - Rbc.ru, 2016

2017

9. “How hackers prepare attacks on banks”, - Positive Technologies company blog on habr.com, 2017
10. “Targeted attacks on Russian banks as a test site”, - Group-IB, 2017
11. “Hacker-style robbery” - Kommersant.ru, 2017

2018

12. “News sites in Runet distributed a banking Trojan”, - Securelist.ru, 2018
13. “3000 dollars per evening. How do cybercriminals who can rob anyone? ”- tut.by, 2018
14. “Cyber ​​attacks are our daily routine. Hackers are targeting mobile banks and industry ”, - 360tv.ru, 2018
15. “Attacks on banks”, - Positive Technologie, 2018
16. “Schemes of theft in the RB systems and five levels of countering them”, - Group-IB blog on habr.com, 2018
17. "Pegasus crept unnoticed", - Kommersant.ru, 2018
18. "The market for criminal cyberservices 2018", - Positive Technology, 2018
19. “Trojans are multiplying in a mobile bank”, - Kommersant.ru, 2018
20. “APT Trends Report Q2 2018”, - Securelist.com, 2018
21. "On the crimes committed with the use of modern information and communication technologies", - Prosecutor General of the Russian Federation, 2018

miscellanea

1. “INSTRUCTIONS for responding to incidents related to e-banking systems”, - Group-IB, 2012 ( announcement )