The Tank-Crackers of the 21st Century: New Alliances Against Banking Trojans

March 2018: Europol succeeds in striking a decisive blow against organised cybercrime. Over five years, a professional hacker gang had captured one billion euros. Among the victims were 100 banks from over 40 nations. With the help of infiltrated malware, the criminals had not only managed to manipulate the account balances of bank customers, but also to dispense this money at will via regular ATMs. Anyone hoping for an end to the cyber attacks against banks after the successful Europol strike should be informed of this as early as June 2018: This time hackers managed to capture 10 million dollars from the Bank of Chile. ATMs were not needed for the coup. With the help of manipulated online transfers, the money was simply transferred to international accounts.

What sounds like the plot of a futuristic financial thriller is already reality today: cybercriminals are after the big money. And they have the technical and logistical means to get it.

Business games against cyber attacks

Back in July 2019: The leading credit institutions are well aware of the increasing dangers posed by hacker gangs, as a joint simulation by the Austrian Financial Market Authority (FMA) and the Austrian National Bank (OeNB) shows. The new IT security guideline, which the FMA launched in 2018, should provide the impetus for conducting the test. This package of measures was intended to better prepare financial institutions for possible IT risks and to set guidelines for emergencies.

The aim of this first cross-institutional simulation game is to realistically assess the responsiveness and ability to act of leading financial institutions in cooperation with technical service providers and authorities. The simulation was accompanied by the "Computer Emergency Response Team Austria" and the Austrian Ministry of the Interior - further evidence of the great economic, political and symbolic significance of the test series. 10 institutions and their partners from the IT sector were tested. A total of more than 100 specialists were involved in the large-scale stress test.

The reality of simulated danger

The simulation game focused on 170 simulated attacks to which the participating institutions had to respond. As far as possible, the scenarios were borrowed from reality: among other things, the handling of Ransomware, DDoS attacks and data loss were tested. Particularly in the focus of the test arrangement: the observation of human behavior. If you talk about cybercrime, you automatically talk about the famous "human factor". On the one hand, as studies show, the majority of IT security threats can be traced back to human errors in the handling of technology - on the other hand, solving IT problems becomes a task for communication. Therefore, a central component of the simulation was to critically examine the cooperation between institutions and authorities. Technical and organizational solutions were thus taken on board in equal measure.

Sigh of relief after the stress test

After the simulation, the participating institutions draw a generally positive conclusion from the series of experiments. Representatives of the FMA expressed their satisfaction with the preparation of the participating institutions and their willingness to cooperate effectively in an emergency. However, critical tones can also be heard in the aftermath: According to the vague comments made by FMA Executive Board members Helmut Ettl and Klaus Kumpfmüller, the "practical arrangements proved to be very different". The analyses from the simulation are now to become the basis for further measures by the supervisory authority. Further regulations are likely to follow.

New alliances against hacker gangs

And that seems highly advisable. Already in June, representatives of the G7 states and national banks met in Paris to discuss the "protection of the financial sector in the global economy". Here, too, an increasing international threat in the financial sector was stressed. Sabine Lautenschläger from the ECB's Executive Board attributes this in particular to the "increasing complexity of the financial sector", a professionalisation of cybercriminals, a shortage of skilled staff at the institutions and a premature introduction of technical innovations without their implementation in the IT security concept. 

This current event also makes it clear that institutions and authorities around the world are focusing their attention on the financial sector. Cooperation seems essential in view of the past years; an effective alliance seems to be forming. A recent Bitdefender case study that meticulously analyzes the famous Carbanak attacks of 2018 also fits into the picture. 

But uncertainty remains: To what extent can the incidents of the past help to understand the actions of cybercriminals, while they always seem to be one step ahead through new and sophisticated strategies?

Searching for the right strategy

The simulation game of the Austrian financial institutions is a vivid example of how the financial sector and politics are trying to adapt their own strategies to the constantly evolving threat situation in view of current incidents. It becomes clear that the paradigm shift of recent years - away from a purely technical concept and towards an overall organisational task - seems to be becoming increasingly concrete. IT security in 2019 therefore means cooperation between technology and infrastructure, organisation and communication, politics and business.