ST. PETERSBURG, 5 July – PRIME. Last year, the Bank of Russia did not register a surge in transaction reversal fraud,but it did discover a new method of TRF attack from card to card using ATMs, according to a regulator report of the main types of computer attacks in the lending and financial sector in 2018, presented at the International Financial Congress.
“The previously anticipated surge in TRF attacks did not occur, but a new TRF attack method was registered, based on the inadequacy of scenarios for processing card to card transfers using ATMs,” the regulator said in its reportpresented at the International Financial Congress.
The method of attack is quite simple. First, the fraudster selects the ATM operation, which is a transfer between individuals, and then enters the card number of the recipient. The bank that owns the ATM initiates the operation and simultaneously sends two authorization messages to the receiving bank and the sending bank. The initiator receives approval from both banks almost simultaneously, after which the transfer is performed, as a result of which the amount on the recipient's card increases, while the same amount is retained by the sender.
However, the ATM transfer scenario is not yet completed. The ATM asks the sender to confirm that he or she accepts the operation fee, but the sender does not give consent, and the initiating bank sends a message on the amount return to both the sending and receiving bank. As a result, the funds are unfrozen, having already been withdrawn by the recipient.
In order to minimize the risks of such attacks, the Bank of Russia advises banks to check the adequacy of ATM scenarios, and to ensure that messages indicating that funds have been returned to the sender’s bank are only displayed after the successful completion of the return operation to the recipient bank.
“Another fairly effective measure is to obtain the client’s consent with the terms of service before any authorization messages are sent,” said the regulator.
The reportalso states that last year cybercriminals launched 177 targeted attacks on Russian banks in order to steal money.
“In total in 2018, FinCERT received reports on 687 attacks, including 177 targeted attacks carried out on financial institutions,” the reportstates, emphasizing that the aim of the attacks was financial gain.
On top of that, last year the Bank of Russia registered 97 DDos-attacks and 413 non-targeted attacks on Russian banks.
The regulator also analyzed the malware distribution campaigns conducted in September–December of last year. During this period, 375 separate malware distribution campaigns were registered, of which 317 were global. 53% of these campaigns involved the distribution of ransomware, with 34% containing malware, with the ultimate goal of stealing money.
In 2019, the Bank of Russia Audited 75 banks for Compliance with Cyber Security Requirement, and all of them had Committed Violations
In October last year, the Bank of Russia reported that in the first half of 2018, Russian banks were subjected to 72 targeted hacker attacks, a 1.8 times increase on the same period of last year. Conversely, the effectiveness of attacks is falling, and in the first eight months of 2018, lenders lost 76.5 million roubles as a result of hacker attacks, 14 times less than the same period of 2017.
Since 1 July 2018, Russian banks and operators of payment infrastructure services have been obliged to report to the Bank of Russia on cyber attacks and their technical parameters. Before then, banks provided the regulator with such data on a voluntary basis.
The largest number of successful cases of fraud from Russian banks in 2017-2018 occurred after the attacks carried out in the ‘holiday’ months of May to August, the Bank of Russia also said in the report.
“According to 2017–2018 statistics, the largest number of successful cases of fraud occurred following attacks carried out during the ‘holiday’ months of May to August,” the report says.
The Bank of Russia attributes this to the reduced vigilance of bank employees. “When employees are anticipating their upcoming holiday or in a relaxed state upon their return, they are probably more prone to opening files from emails received from unknown sources,” noted the regulator.