Hollywood lie: Bank hacks take months, not seconds

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/hollywood-lie-bank-hacks-take-months-not-seconds/

By Catalin Cimpanu
Zero Day
ZDNet News
June 4, 2019

A report published today by cyber-security firm Bitdefender gives one of the 
best views we ever got into the inner-workings of a modern bank heist, and more 
particularly, a bank heist carried out by Carbanak, a group of hackers 
responsible for stealing more than one billion euros from banks all over the 
world.

Methodical, slow, and paying close attention to not getting discovered, a 
Carbanak hack is like a slow burning fire that makes its way across a forest.

Unlike Hollywood movies where bank cyber-heists happen within seconds, in the 
real world, hackers spend weeks inside banks' IT systems, gathering intel, and 
preparing for the day when they're ready to spring into action and steal funds.

Everything about a modern-day bank cyber-heist is... boring, even the hacking, 
which involves good ol' techniques like spear-phishing, vulnerability scanning, 
domain controller compromise, lateral movement, and the use of off-the-shelf, 
legitimate tools like Cobalt Strike.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_