A feast for hackers

A feast for hackers

For the first time since the beginning of year it became known about the withdrawal from the Bank.

After a lull of more than six months made a successful hacker attack on a Bank — PIR-Bank lost more than 58 million RUB from correspondent accounts in Bank of Russia. The stolen funds were transferred to accounts in the 22 largest banks and were cashed in various regions of the country. Earlier, the Central Bank assured that such attacks will be no more. New theft face not only serious challenges attacked the Bank, but poses a threat to the entire banking market.

Representatives of several credit institutions reported “Kommersant” that this week was made the first hacker attack on a Bank in 2018. According to one of interlocutors of “Kommersant” attacked PIR Bank (329-nd place by assets). Other source “” has specified that with its correspondent accounts in the Central Bank in the night of 4 July, the attackers withdrew, according to conservative estimates, more than 58 million rubles.

PIR Bank confirmed the fact of attack. According to the Chairman of the Board of Bank of Olga Kolosova, at present it is difficult to accurately estimate the size of the theft. “The withdrawal of part of the stolen funds managed to stop, but it is clear that the most part lost forever”, she said. As explained by Ms. Kolosova, cash withdrawn fan mailing plastic cards of individuals in the banks 22 of the top 50, much of the money cashed in the night of the theft.

“The virus that attacked the Bank, is not subject to identification currently available means, which was confirmed by the staff Fincert, most likely a virus got into the Bank through a phishing email,” said Ms. Kolosova.

The Bank was forced on July 4 and 5 to stop working, because “compromised keys” (the attackers actually got full access to the workstation is the client of the Bank of Russia, arm the CBD, and could withdraw money from the Bank corresponding accounts in the Central Bank). “From July 6, work will resume,” — said Olga Kolosova.

The Central Bank also confirmed the hacker attack, but the details do not reveal, limited to restrained comments.

“Fincert conducted all the necessary arrangements, and we continue detailed analysis of the situation, until its completion to draw conclusions prematurely,” said the Bank of Russia.NewsExperts told about the virus, which intercepts calls to steal money

Attacks on banks, when the money was withdrawn through the payment system of the Bank of Russia, was the scourge of credit institutions in 2016. Then hackers stole 1.5 billion rubles in the Fall of 2017, presenting the report Fincert, the Central Bank assured that more attacks on AWS CBD will not. Nevertheless, until the end of the year, it took two attacks with the withdrawal of funds from the correspondent account at the Central Bank, the total damage from which amounted to 54 million rubles.

According to analysts, the theft will not significantly disrupt financial stability of the Bank. “The capital stock of the PIR of the Bank as of June 1, can potentially withstand the loss of up to 740 million RUB to a reduction of the N1.0 to a critical minimum of 8%,” — said associate Director on Bank ratings “Expert RA” Ivan Uklein. At the same time, the attack itself, taking into account individual indicators of the Bank may attract the attention of the regulator. The margin over minimum required capital of 1 billion rubles. is quite small — a total of 67.6 million rubles. in addition, the Bank has dramatically reduced the scope of activities. If in 2015, the retail loan portfolio amounted to RUB 3.8 billion, by the summer of 2018 fell to 570 million rubles. According to the Ivan Uklein, over the past 12 months of Bank expenses almost twice the income from operating activities. The Bank maintains a significant share of assets in the form of cash and the turnover of the cash register is very high. Pay attention and almost continuous redistribution of a small proportion of owners (10%) in the last year and a half, said Ivan Uklein. Previously the acting head of the Department of information security Artem Sychev said that three times already, the Central Bank revoked the licenses of banks for the low level of information security. It was also noted that there have been two cases of withdrawal of assets from the Bank under the guise of a hacker attack.

This attack will have consequences for the entire market.

“You must understand that such an attack may be any Bank, even the one who buys expensive software, making pentest and analyses of vulnerabilities,” — says the head of information security Setcompany Alexander Vinogradov.

In fact, by and large, for a successful attack is enough to “only one employee of the Bank once you have opened a phishing email that may look like the email client of the Bank,” he concluded.

Veronica Goryacheva