The high volatility of the ruble exchange rate may be due not only to sanctions, a fall in oil prices and a slowdown in the growth of the Chinese economy. Another factor is malware and skillfully planned attacks on financial institutions. The sharp change in the ruble exchange rate in February last year was caused precisely by a hacker attack, write RBC and Bloomberg. The attack was discovered and analyzed by information security experts from Group-IB.
As it turned out, hackers from Russia were able to break into the security system of the regional bank Energobank and, with the help of a virus, change the exchange rate of the ruble on the exchange by 15%. The Corkow Trojan was used to attack the bank's systems. In the course of the attack, in February 2015, orders for more than $500 million were placed on behalf of the bank at a non-market rate. "This is the first documented attack using this virus, and the damage can be much greater ... As soon as malware penetrates the local network, it is difficult to detect and the malware can infect computers that are not connected to the Internet," said Dmitry Volkov, head of the cyber intelligence department at Group-IB.
These orders placed in the bank's name led to significant fluctuations in the ruble exchange rate, which allowed the hackers to purchase dollars at a rate of 59.0560. In just 51 seconds, the attackers sold the currency they had bought earlier at a rate of 62.3490. In just 15 minutes, the hackers managed to achieve maximum volatility of the domestic currency, with a minimum dollar rate of 55 rubles per $1. Before the attack began, the dollar exchange rate was 60-62 rubles per $1.
As mentioned above, the hackers used the Corkow Trojan, malware that its creators constantly update to bypass the main antivirus products. It is a fairly common and extremely effective virus that, in a relatively short time, was able to penetrate the computer networks of various financial institutions and other organizations around the world. Experts estimate the total number of PCs infected with the Corkow Trojan at 250 thousand devices. At the same time, in almost all banks where the virus was detected, experts found that licensed antivirus software was operating correctly. The virus is designed very well, so in some cases it can go unnoticed for many months.
According to representatives of Energobank, the organization's losses in February 2015 amounted to 244 million rubles (in particular, Vedomosti wrote about this). The main factor that led to such a significant loss was the actions of the hackers. After a detailed check, the Moscow Exchange reported that its systems were operating normally.
After examining the situation, at the end of March 2015 the Moscow Exchange Currency Market Committee recommended that the Exchange Board exclude Energobank from the list of participants in the foreign exchange market. The reason is the insufficient protection of the bank's information security system. “As a result of this fraud, the bank suffered great financial and reputational damage, since many players in the market do not trust the burglary version and willingly blame everything on the error of the trading system operator,” representatives of Group-IB said.
Also in 2015, this time in August, there was another incident involving the unauthorized use of a settlement system that united about 250 banks. This system allowed its participants to withdraw funds from Visa and MasterCard cards at favorable rates. In August, several hundred million rubles were withdrawn through the ATMs of one of the system's participants. As it turned out later, this was an unauthorized disbursement of funds, and the cause of the incident was a hacker attack using the same Corkow virus.
A detailed report by Group-IB can be found here (pdf).