Kaspersky experts unearthed a cybercrime incident in a Central Bank in Latin America. Attackers brought it into their radar as the cybercriminals were attempting to find partners help them conduct additional malicious activity.
This sort of scheme has become particularly common over the past few years with different groups responsible for different stages of an attack. These range from those that initially penetrate the victims’ systems, those who conduct the actual attack (e.g., encrypt and steal data), and those demanding ransom and who manage the financial aspect of the attack.
The data, offered by the attackers to third parties worked as evidence they had access to the organisation. The stolen data was analysed, and it was discovered the attackers had gained access to the entire infrastructure of the Latin American central bank. This included the systems for international money transfers. INTERPOL was promptly notified about the attack.
“Over the past few years, we’ve seen many ransomware attacks carried out by these “hybrid” teams. Previously, however, their targets were mainly commercial companies. We are happy that together, with Kaspersky, we were able to prevent an attack that could have affected the region’s economy. It is only through effective cooperation on the international level and striving to be ahead of the curve that we will be able to effectively protect the global community,” commented Stephen Kavanagh, Executive Director of INTERPOL Police Services, INTERPOL.
After conducting a joint investigation, all vulnerabilities in the corporate networks of the bank were closed and any opportunities for additional attacks were blocked.
“We learned that the attackers had found a loophole that allowed them to gain access to the central bank’s infrastructure. When countering such attacks, international cooperation coupled with the ability to act quickly is critical. That’s why, as soon as we gathered information about how the attackers were operating, we notified INTERPOL. Such well-coordinated and precise cooperation made it possible to thwart the attackers before real damage to the organisation occurred,” added Sergey Golovanov, Chief Security Expert at Kaspersky.
Kaspersky recommends the following set of measures to prevent cyber attacks:
- Teach employees the basic rules of good cyber hygiene since many attacks begin with phishing or other types of social engineering.
- Regularly conduct cybersecurity audits of networks and fix discovered vulnerabilities in a timely manner.
- Along with protecting endpoints, implement services that can protect against targeted attacks.