$72M Bank Fraud Scheme BustedOutdated Software to Blame for Vulnerabilities at Banks
According to a statement posted on the Security Service of Ukraine's website, law enforcement authorities in Ukraine cooperated with authorities in 10 countries, including the U.S., to break up the ring. The hackers, two of whom were arrested in Latvia, are accused of spreading the Conficker worm to steal banking credentials and then wire more than $72 million from those bank accounts, which spanned numerous countries.
Ukraine's security service, also known as SBU, says more than 30 searches, 19 of which took place in Ukraine, were simultaneously executed on June 21. During those searches, some 30 servers, 74 desktops and laptops, more than 300 drives and disks were confiscated. Documents and cash also were seized. SBU also says crime investigators in Kiev, Kharkiv and Lugansk interrogated 16 individuals suspected of being connected with the ring.
Paul Buelens, head of project management for EastNets, a global compliance and banking payment solutions provider, says the collaboration among numerous international law enforcement agencies is a promising sign.
"It's terrific to see that the SBU has made an impact with these underground hacker groups so quickly, as the Russians had a similar counterfeit software ring that authorities have been battling since 2003," he says. "The Trojans and botnets can remain dormant for years and are activated remotely when the criminals deem necessary, making it a very difficult crime to bring down."
Buelens adds that Ukraine could soon be a good cybersecurity ally, since new regulations passed in the last six months have been aimed at thwarting money laundering and other types of financial fraud. "We have been seeing a lot of activity from Ukraine banks lately," he says.
Malware: A Global FightConficker is a strain of malware that's been on the market since 2008. Zal Azmi, senior vice president of the Cyber Solutions Group at CACI International Inc., which provides professional services and IT solutions in defense intelligence, says the Conficker worm, though dated, continues to take advantage of vulnerabilities in Microsoft's operating system that were identified in 2008.
"Users are still not taking patch management seriously," he says. As a result, financial institutions and other organizations using outdated Microsoft products have left themselves open to old attacks, like Conficker.
"Continuous monitoring implementation is still lagging and system administrators have no visibility into their network IT assets," Azmi adds. "Global cooperation between law enforcement is maturing and working. We need to expand this relationship, because cyberspace does not have a geographical boundary and only global information sharing, cooperation and coordination will stop cyberattacks."