The Most Devastating Cyber Attacks on Banks in Recent History

For cybercriminals, banks represent a high risk/reward proposition. Banks tend to have a great deal of investment in cyber-protection—more so following a few of the most recent attacks discussed in this article—but on the other hand, the information they contain is easily converted into cash. Some of the information literally is cash, which can be grabbed from compromised bank accounts and drained into the coffers of offshore tax havens and unfriendly nations. Other information—addresses, phone numbers, emails, bank statements, and SSNs—can be sold into the hands of eager scammers.

In spite of recent heavy investment by banks into cybersecurity, there have still been times when a bank’s information security defenses have acted less like an iron vault, and more like a piñata. Here are some of the most devastating cyber attacks on banks in the history of cybersecurity.

The Latest Cyber Attack on Banks: The 2013 South Korea Bank Hack

Spoiler alert: This is not the last hack in this list that has been linked to North Korea. Using malware known as “DarkSeoul,” attackers were able to brick computers, disrupt financial networks, and crash ATMs, bringing commerce in South Korea to a standstill for several days following the assault.

Interestingly, the malware in use was relatively unsophisticated in certain respects. It lacked certain basic obfuscation techniques, for example, which would have allowed it to hide from signature-based endpoint protection—yet it still remained startlingly effective. Another oddity: in addition to hitting the usual gamut of Windows desktops and servers, the malware added the capability to disable Linux systems by overwriting their master boot record.

The Latest Cyber Attack on Banks: The 2012 DDoS Attacks

Of the attacks on this list, the 2012 DDoS attacks that overwhelmed Bank of America, Chase, Wells Fargo, PNC and more rank as one of the most devastating—but least damaging. These attacks, which involved thousands of compromised application servers flooding those banks’ websites with fake traffic, certainly did economic damage to their targets. However, this damage was realized in the form of lost business as opposed to stolen data. The point of these attacks was to keep customers from accessing their accounts, causing the banks to lose money from the loss of business.

The Latest Cyber Attack on Banks: The 2016 SWIFT Hack

We’ve written about the SWIFT hack several times, so you most likely know by now that only a single typo separated this hack from being one of the biggest heists in history. The unknown attackers—who may be linked to North Korea—still got away with $81 million, which isn’t nothing.

The SWIFT hack followed an extremely tortuous route. First, it went through Bangladesh Bank, via a set of $10 secondhand routers being run without a firewall. Since SWIFT—a private transaction notification system between banks—wasn’t segmented from the banking network, the hackers were able to take over a SWIFT messaging app using custom malware. From there, they used the messaging system to send banking transfers into accounts they controlled.

The Latest Cyber Attack on Banks: The 2013-2015 Carberp Trojan

Here’s a hack that may have gone under your radar. In early 2015, major information security organizations, along with international law enforcement authorities, announced that they had discovered a massive cyberattack. This breach, two years in duration, had stolen a billion dollars or more from banks around the world.

The culprit—a cybercrime ring called Carbanak—managed to steal from over 100 banks across the globe using custom malware known as Carberp. Carberp was distributed via a targeted spear-phishing campaign aimed at administrators and bank clerks. Once installed, it would download a commonplace remote-access tool in order to take over a victim’s computer, then impersonate their actions in order to send money into the attackers’ accounts.

The Latest Cyber Attack on Banks: The 2014 JP Morgan Data Breach

Still one of the largest breaches in history, the 2014 JP Morgan Data Breach affected tens of millions of people, and seven million businesses—a total of 83 million customers. Five individuals used malware, social engineering, and spear-phishing attacks to plunder emails, addresses, phone numbers, SSNs, and other customer information, not just from JP Morgan itself, but other related financial institutions around the same time.

Two of the hackers—identified as Josh Aaron and Anthony Murgio—were fraternity brothers from affluent backgrounds, with little experience in cybercrime. They’re suspected to have outsourced the major legwork of the attacks to Russian hackers. Using pilfered data from the breach, the two were able to set up a sophisticated stock fraud scheme which garnered over $100 million before being shut down.

Apart from the size of the breach, the JP Morgan hack is notable in a few other ways. First of all, at the time of the breach, JP Morgan spent $250 per year on information security. All of that spending went to naught, however, due to a single server which hadn’t been updated with two-factor authentication.

Second of all, out of all the incidents discussed, this is the only data breach where the perpetrators have been caught.

How Do We Prevent Devastating Cyber Attacks on Banks?

One of the common threads from all of these cyber attacks on banks is the failure of basic malware protection to actually defend against threats. In the case of the South Korea hacks, basic malware was enough to tie up the economy of an entire nation for several days. Even in the case of the 2012 DDoS attacks, while malware wasn’t directly involved, it still played a role in infecting the legions of servers that comprised the attackers’ botnet.

Even more damaging attacks, such as SWIFT and Carberp, involved custom malware that never saw the light of day prior to being used to steal millions or even billions of dollars. The lesson here is obvious—traditional signature-based endpoint protection can no longer be relied upon to protect financial enterprises.

Enter SentinelOne. Our solution is based on behavioral detection, and it finds the actions that malware authors can’t hide—taking over programs, encrypting files, and exfiltrating data. With these lightweight algorithms running on an enterprise’s servers and endpoints, they’ll have a lot less to worry about in terms of stolen financial data. For more on the subject, check out our white paper, “The Wicked Truth about Malware and Exploits.”