BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Europol Director: hackers target banks, not customers

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 17 Apr 2015 13:11:47 -0600
http://www.investing.com/news/technology-news/europol-director:-hackers-target-banks,-not-customers-337650

Banks, rather than their customers, are increasingly the main target of
online thieves, Europol director Rob Wainwright said on Friday in an
interview.

"That has been an important change," Wainwright told Reuters after a
conference on cyber security in The Hague.

He said the hacks were remarkable in terms of "the level of sophistication,
in terms of the malware that's being used, and in terms of the
sophisticated social engineering to identify the most important personnel
among the banks' employees".

He cited several cases that have been reported in the media, but said many
more were never made public.

"Now that's dangerous because in those cases it led to millions of losses,
multi-million losses. But it also shows a level of capability that is
getting higher all the time, and perhaps runs the risk of outstripping the
ability of the banks to deal with it," he said.

"It is raising serious questions about, even, about the health of the
financial services industry."

He said the number of "kingpins" behind hacking attacks on banks was more
than 100 and fewer than 1,000. Most came from Russia or Ukraine.

"Certainly, in terms of the banking trojans, we say its ostensibly a
Russian-speaking problem," he said, referring to "trojan" attacks in which
thieves trick users into installing malicious software on their computers.

He said banks needed to improve their defenses, especially by understanding
which employees were most vulnerable to attack and which in turn had
authority over vital infrastructure, he said. Police were also looking at
new ways to respond.

Criminals' infrastructure is "very dependent on their code writers and they
are not infinite in number", he said, implying that police are especially
devoting resources to identifying the creators of malware.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: