In 2008, a group of thieves stole US$700 000 from Russia’s central bank the old-fashioned way: they infiltrated a processing centre, handcuffed a guard, and made off with the cash.
These days, the criminal attacks on the Bank of Russia are far less labour-intensive — and far more lucrative. Over the course of last year, hackers looted up to $21m from accounts opened with the Bank of Russia.
The thefts from the Bank of Russia are part of a surge in cyberattacks on global monetary authorities in 2016, from Bangladesh to Warsaw. This year is likely to be even worse.
“For a central bank, the question is not if, but when, they will be victim of a cyberattack,” said Giulio Coraggio, a lawyer focusing on cybersecurity at DLA Piper in Milan.
The hacking collective Anonymous, known for its activism against big corporations, security forces and governments, is specifically targeting central banks, according to two people with direct knowledge of the group’s activities, who asked not to be identified.
While the people wouldn’t say which banks are being targeted, they said the group has been busy recruiting new hackers to aid it in its forays, and renewed its attack against a number of central banks in February.
The group last year attacked at least eight monetary authorities, including the Dutch Central Bank, the Bank of Greece, and the Bank of Mexico, the two people said. In a change of tack, it is also considering plans to sell on any confidential information it obtains, according to one of the people.
The actions by non-state hacking and hacktivist groups such as Anonymous “are a wake-up call that should alert us to the critical weaknesses of global financial systems”, said Stefano Zanero, a professor of computer security at Italian university Politecnico di Milano.
A successful cybersecurity attack on the US banking system is “one of the most significant risks our country faces”, Federal Reserve chairwoman Janet Yellen said in testimony before the congressional joint economic committee in November.
The most notable hack on a central bank so far resulted in a manhunt involving Interpol and the FBI, launched last year, to help solve the cyber heist from Bangladesh’s central bank, where hackers used Swift, the interbank messaging system, to steal $81m.
“The Bangladeshi bank case last year really brought the focus on payments systems within central banks,” said Adrian Nish, head of threat intelligence at BAE Systems. “The realisation that central banks can be targeted this way for profit has become a greater concern since Bangladesh.”
Poland’s financial regulator was targeted in January by a suspected “watering hole” attack, where hackers target an often-used website, according to research from BAE Systems.
In this instance, the hack originated from the website of Polish Financial Supervision Authority (KNF), where code was planted that would serve malware to certain visitors of the site. The malicious code was selectively targeted at financial institutions, and multiple banks were compromised via their users simply browsing the KNF website.
The authority said last month in a statement that it had identified external attempts to hack its website and it was in contact with representatives of supervised industries.
Similar code was also believed to be present on the website of the state-owned Banco de la República Oriental del Uruguay, and the National Banking and Stock Commission of Mexico in late 2016, according to analysis from BAE Systems and US software company Symantec.
Banco de la República Oriental del Uruguay and the National Banking and Stock Commission of Mexico did not respond to requests for comment.
“Cyberattacks have become military attacks,” said Biagio De Marchis, senior vice president in the security and information systems division of Italian defense and security company Leonardo, which offers cybersecurity services to clients which span from financial institutions to large companies to the Nato alliance.
In response, central banks and related agencies have been busy attempting to stem the increasing number of attacks.
In June, Swift hired BAE Systems and UK cybersecurity adviser NCC Group in a bid to improve its security defences. BAE has since helped Swift analyse whether it needs to flag potential issues to correspondent banks.
The number of warning flags raised due to concerns about a potential security issue BAE Systems has examined are in the “double digits”. The problems range from system crashes due to software update errors, to intruders hacking into banking platforms.
The Bank of England is even scooping up start-ups to help it battle online threats. It is currently running an accelerator, launched in June 2016, and is to start working with Anomali in order to “hunt and investigate cybersecurity intelligence data in a highly automated fashion,” according to a case study published in February by the bank.
Limor Kessem, a consultant at IBM Security Systems, says greater vigilance on the part of central banks makes sense in the face of the increased attacks they’re seeing. She said she has identified several groups targeting banks, and expects more to jump in this year.
“If overall cybercrime activity on that sector is any indication,” Kessem said, “attacks on central banks are also likely to increase.” — (c) 2017 Bloomberg LP