(Ping! Zine Web Hosting Magazine) – Over the weekend, it was reported that cyber criminals had stolen up to $1 billion from banks. Kaspersky Labs discovered that the attacks date back two years and that as many as 100 banks may have been affected, along with e-payment systems and other organizations across 30 countries. Commenting on this, Martin Lee, cyber-crime manager at Alert Logic, says:
“These types of attacks underline how difficult it is to discover bespoke pieces of malware using traditional signature-based detection methods. Whitelisting applications on PCs and laptops could have detected the malware as an unapproved application. Yet whitelisting services are not immune from attacks themselves and may just become a single point of failure which, when breached, gives an attacker the ability to deploy undetectable malware.
The reconnaissance phase of attack and command-and-control traffic are weak points for the attacker since their activity will be visible on the network. Equally, unusual changes in bank balances will give away their presence. But organizations need to be routinely collecting data so that they can spot anomalies, and have the resources to conduct investigations to identify the root cause.
Only through constant vigilance and paranoia at being infiltrated can organizations hope to detect and react to attacks such as these. If an attacker knows your systems and procedures better than your own IT staff, it will be a tough fight to detect and unseat the attacker.
Forensic examinations take a long time to conduct. Once discovered, it is quick and easy to announce that malware has been found; however, it takes many weeks and months of forensic examination to identify exactly which systems were affected, what was stolen and how far the attack spread. I think what we are seeing here is the results of the in-depth investigation being released.”