Central Bank: Banks began to stage hacker attacks for illegal withdrawal of funds

Photo: Kacper Pempel / Reuters

According to the Central Bank, banks operating in Russia began to stage hacker attacks in order to hide the traces of their own illegal actions, Vedomosti reports. This was stated by the first deputy chairman of the Central Bank Georgy Luntovsky at the VIII Ural Forum on Financial Information Security. He also said that for the time being this is only the suspicions of the Central Bank, the full evidence base has not yet been collected. “We have an assumption that credit organizations use this mechanism in order not only to hide previous crimes or mistakes, but also to withdraw money from the bank. This worries us very much, ” said Luntovsky.

He also stressed that real, and not simulated attacks very badly affect the reputation of banks. It turns out that banks do not pay enough attention to information security, which leads to significant financial losses, and adversely affects the stability of banks. In the fourth quarter of 2015, according to the first deputy chairman of the Central Bank, three banks lost their licenses, which had previously been subjected to computer attacks.

According to the Bank of Russia, the main reason for the emergence of computer attack risks is the lack of procedures for monitoring the compliance of automated systems and applications with IT security requirements. This also includes the low efficiency of banks in implementing and using Central Bank instructions in information security and standardization.
')
Only in the fourth quarter of 2015, about 1.5 billion rubles were stolen from clients' accounts in various banking organizations using cyber attacks. Since the beginning of this year, joint efforts of the Central Bank, the Ministry of Internal Affairs and the banking community have allowed us to prevent theft in the amount of about 500 million rubles, RBC writes . “Since August last year, we have witnessed a significant increase in criminal activity in this particular area. Naturally, we are worried about this situation, ”said Luntovsky.

The main types of violations are attacks on information resources of banks for the withdrawal of financial assets plus attacks on the IT infrastructure of non-credit financial organizations. The main tool of such attacks is non-payment trading tools, including trading terminals and processing centers.

“The statistics of the Bank of Russia shows that the inattentive attitude of the management of credit institutions to the issue of information security leads, as a rule, to significant financial losses and indicates the immaturity of the risk management approach. Thus, inattention to the issues of information security is an additional factor of negative impact on the stability of credit institutions, ”said Luntovsky.

Despite all the problems voiced above, the Central Bank does not currently have the authority to oblige banks to take a more responsible approach to the problem of information security.