Are Russian banks vulnerable to cyberattacks from abroad?
Russian banks are taking security measures to protect themselves from large-scale hacker attacks allegedly being planned by foreign special services, following a statement issued by Russia’s own security organization, the Federal Security Service (FSB).
The FSB released a statement on Dec. 2 warning of the imminent cyberattacks, which it said were expected to begin on Dec. 5.
The attacks, which the FSB said had "the aim of destabilizing the Russian financial system," will be accompanied by text messages and provocative messages on social networks. The hackers' objective, according to the FSB, is to engender a crisis in Russia's financial credit system, as well as to have a series of leading banks file for bankruptcy and lose their licenses.
According to the FSB, the hackers will work from servers located in the Netherlands but owned by Ukrainian hosting company BlazingFast. In turn, the company has already initiated an inspection and confirmed that indeed it has clients in the Netherlands.
The Central Bank of Russia's press service reported that the day before the FSB's announcement hackers stole more than 100 million rubles ($1.5 million) from a Russian bank (though the bank in question was not specified). One theory is that the attackers hacked into the core banking service, which is usually isolated or almost isolated from public communication networks and considered invulnerable by most banks. This incident could be the first public hacking attack of its type in Russia.
Despite all the hype, according to a report by the TASS news agency, there were no major attacks on Dec. 5, with VTB the only lender to record an attempted breach of its security in the early evening.
"A DDоS-attack was carried out on the site of VTB Group,” reported the bank’s press service. “Infrastructure is operating normally, clients of our banks are not experiencing any difficulties,” read the statement.
A ‘kid from a bad neighborhood’
In the technical sense a systems hack performed by the special services is no different from one performed by regular hackers.
"It's like a Kalashnikov rifle. It can be used by terrorists, the army or organized crime syndicates," said Ilya Sachkov, founder and general director of Group-IB, an international company that specializes in the prevention of cyber threats.
Furthermore, 99 percent of attacks on banks are carried out by classical saboteurs with the aim of stealing money. A hack conducted by the special services is a statistical deviation.
Alexei Lukatsky, a security expert at Cisco, noted that the FSB warning does not mention money: "Sending messages saying that a particular bank has problems should theoretically create a frenzy among its clients, who will then run to withdraw cash and thereby bring the bank to the brink of bankruptcy," he explained.
Following the FSB's announcement Russian banks quickly declared that their security systems comply with the latest standards. And according to many cyber security experts, the Russian banking system is one of the most reliable in the world, since Russian-speaking computer crime is one of the world’s most dangerous.
"Firstly, Russian banks test all the latest attack instruments on themselves. Finding itself in such an aggressive environment, the banking system is a kid growing up in a bad neighborhood and constantly fighting. If in Russia you're not protected, you won't be able to work long and effectively on the market," said Sachkov.
Money spent does not guarantee security
According to Sachkov, hackers began attacking banks themselves only recently, since previously there were no instruments allowing them to do this; before, they would attack clients. Now these instruments exist, and in just three years hackers have transformed from small groups into criminal organizations with all the necessary attributes: communications, lawyers, geographical distribution of influence, quick investments and legal businesses for laundering money.
Many banks in Russia are convinced that they are protected because they constantly invest in their security systems. But the reality is that they may still not have been able to test the new hacking systems on themselves.
"Successful attacks usually take place on organizations that are equipped with fashionable solutions. The organizations don’t always understand who is attacking them and what they should protect. For example, an army can buy tanks and anti-infantry mines but if the enemy arrives by plane and there's no artillery, everything will be useless," explained Sachkov.
In 2015 an analytical report prepared by Group-IB spoke of the relevance of attacks on core banking services, and only Russia's largest banks believed the warnings, with the other banks dismissing them as technically impossible.
In 2011 many banks also thought that it was impossible to bypass the two-factor authentication method (when a confirmation code is sent via text message), but in that year hackers were able to adapt to it.
"Banks are prepared for hacks on their core banking services in various ways. It is very difficult to predict. There are some who program the core banking service by themselves, others use ready-made products with their advantages and disadvantages," said Lukatsky, adding that often bank employees are part of the hacking operations.
This is why Russian experts say it is useless to play technological Ping-Pong with the hackers: Banks need to have cyber reconnaissance services and correct risk management, which is better developed in European countries.