Paris, 25th February 2015 – A new generation of threats, APTs (Advanced Persistent Threats), methodically combines several vectors and intrusion tools allowing it to strike slowly but surely. In the past, while malware aimed to steal sensitive data from users, (credit card numbers, online account passwords, etc), attacks nowadays can target the very heart of financial institutions and even divert funds. Stormshield (Arkoon Netasq), the leader in cyber security, has however homed in on this new growing threat.
Safeguarding infrastructures from cybercriminals is one of the most important issues facing IT Managers in the banking sector. Despite the banks’ unwavering efforts to protect their clients and their resources, attacks are becoming more and more commonplace and the war against cybercrime is becoming more and more complicated. These APTs, invisible and undetectable, are often detected at a later stage on workstations. In general the banks become aware of the APT when it is too late to take action.
The Carbanak APT is a stark illustration of the dangerous nature of these new attacks. Recently, more than a hundred banks fell victim to this extremely sophisticated malware designed to spy on their infrastructures and employees, causing total estimated losses of between 300 million and 1 billion dollars. This particularly pernicious malware strikes ATMs and SWIFT networks (used for wire transfers), sneaking its way into the usual channels via infected e-mails that have been sent to victims (phishing). Such e-mails usually contain a Word document that exploits a local vulnerability on the workstation and makes its way via this machine to other machines on the internal network. These attacks are highly organized, with attackers observing their targets (banks), understanding how they operate and even going so far as to monitor the behavior of certain employees.
As APTs become more and more sophisticated, cybercriminals are now able to give instructions remotely for money to be distributed from an ATM (Automated Teller Machine) with no physical interaction whatsoever. Accomplices are assigned the task of retrieving the money from the ATM in question.
Stormshield Endpoint Security implements a unique technology that protects workstations and servers, providing an adapted and proven response to targeted attacks and APTs, even those as yet unknown.
The Stormshield Endpoint Security suite proactively blocked the Carbanak attack without requiring any upgrading of the solution. Our Endpoint Security clients in the banking sector worldwide have therefore been spared the Carbanak APT.