Thursday 22 February 2018

Irish banks look to have escaped $1bn cyber attack

Major Irish banks appear to have escaped a cyber attack from Eastern European criminals
Major Irish banks appear to have escaped a cyber attack from Eastern European criminals
Gavin McLoughlin

Gavin McLoughlin

Major Irish banks appear to have escaped a cyber attack from Eastern European criminals that could have cost 100 financial institutions up to $1bn (€880m) collectively.

A map of the attackers' targets published by internet security firm Kaspersky, which reported the attack, does not include Ireland.

Yesterday evening Kaspersky said it cannot say for definite whether Ireland has been hit .

"It is very difficult to say precisely who has been affected since it relies on institutions reporting the issue," Kaspersky Lab principal security researcher Vicente Diaz told the Irish Independent.

"But we can say that the campaign is still live and we would advise institutions to check their systems," Mr Diaz said.

Spokespeople for AIB and Permanent TSB said their banks had not been affected. A Bank of Ireland spokeswoman said the bank does not comment on security issues.

Kaspersky said the criminals were able to get ATMs to dispense cash without having to use a bank card.

It said the attacks, which date back two years, were perpetrated by a gang of Eastern European criminals known as the Carbanak group.

The group used a method known as "spearphishing".

"A group will research the particular organisation they're targeting, and they'll look for particular members of staff who have a specialised kind of interest in particular areas..who might have privileged access to certain types of money transfers," cybersecurity expert Cillian Hogan said.

"They'll send them particular documents pretending to be say, another member of staff, and those documents when they're opened will contain malware or something else to try and compromise that system, and from there they'll try to compromise the rest of the network," Mr Hogan added. "It would be indicative of a relatively advanced approach...if you manage to succeed it pays very well."

Kaspersky said that using its own data as well as police intelligence from Interpol and Europol, each bank's losses range from $2.5m to $10m.

The attacks continue, the company said.

Mr Hogan said these attacks are used more often and that companies should make sure that they're educating employees about the risks.

"There's a technical element but the primary vector of the attack is to take advantage of the trust the person has."

"There are examples of people doing very very long periods of research into particular targets, where they've basically gone into the detail of finding out the marital status, the number of kids, they've looked for hobbies."

Irish Independent

Promoted Links

Business Newsletter

Read the leading stories from the world of Business.

Promoted Links

Also in Business