Buhtrap hacks whack Russian bank chaps; phish bait works great

Russian malware writers have scored at least US$25.7 million (£17.8 million, A$33.6 million) in raids against banks in their home country, intelligence firm Group IB says. The "Buhtrap" group has since 2014 used simple but coordinated attacks to target Russian banks directly and with devastating effectiveness. It is the first …

  1. Aniya
    Meh

    Re: over-reliance on traditional security measures, such as licensed and updating antivirus.

    This is quite a big problem everywhere. Too many organizations think that security boils down to having a basic packet filter as a firewall and antivirus. They think that they can escape the cost of a well trained IT team by paying $30-50/year per seat on antivirus. I would actually say that I would much rather have an extremely well set up Active Directory infrastructure with an extremely well configured GPO and run no antivirus than the other way around.

    Too many users in too many organizations are given too many privileges on their PC's and that's where all the problems start.

    1. Pascal Monett Silver badge

      Re: "privileges on their PC's"

      That happens because most companies do not take the time to properly audit their procedures and do not set the proper policies.

      Not to mention that most companies rarely have personnel competent enough to do the job in the first place.

      Banks, however, do not have the luxury of such an excuse. Not having PCs locked down and proper policies in place is simply shoddy IT practice for financial institutions in general. It's not like they don't have the money for it.

      1. Anonymous Coward

        Re: "privileges on their PC's"

        "Banks, however, do not have the luxury of such an excuse. Not having PCs locked down and proper policies in place is simply shoddy IT practice for financial institutions in general. It's not like they don't have the money for it."

        Banks only do enough to offset any liability for when things blow up. As for not having money, I'm quite happy to lend them some on the same terms as they have tried to offer it to me, in times of negative base rates.

        Indeed, no excuses.

    2. Doctor Syntax Silver badge

      Re: over-reliance on traditional security measures, such as licensed and updating antivirus.

      "They think that they can escape the cost of a well trained IT team"

      Given that phishing emails were involved it sounds as if it was the general user population that needed to be well trained.

  2. Anonymous Coward

    Payback is a bitch

    How do they know it is local criminals rather than, for example, external ones posing as local for the purpose of changing the local tolerance for this type of crime?

    As posted above, why are bank staff using anything but thin clients with text only email software? I am betting they all have Wintel on their desk.

    1. phuzz Silver badge

      Re: Payback is a bitch

      Given that most Russian hacking groups take great pains to avoid targeting their fellow Russians so that they're left alone by the security services, I'd be surprised if it is a local group.

      Of course, if it's someone from a country that has a historical grudge against Russia, well, you're spoilt for choice on that front...

  3. Anonymous Coward

    "but thin clients with text only email software"

    Because banks all around the world often like to see some scanned documents because of signatures and the like? Beancounters like Excel spreadsheets? Anyway, last time I checked, even Linux could display graphics... and some bank staff also often need to do more than read emails or check how much money there is in your account.

    Maybe there are some local gangs that have more issues in targeting foreign banks, and put aside the "patriotic" approach others took - to ensure police don't look for them - and decided to rob their own country's banks too, especially if it's easier. Putin's money is already in Switzerland, so there's little risk of touching it.

    After all, when a state becomes a criminal gang, sooner or later other criminals will take advantage of its citizens too.

  4. Anonymous Coward
    Joke

    Banking infrastructure exploit kits?

    Who will protect us from all this Apple/Linux malware?

Biting the hand that feeds IT © 1998–2020