Carbanak Attack, or how a bank can be fully compromised in under two hours

Recent reports from the investigation of the cyber attack on an East European bank show how hackers hijacked the bank’s network in very little time.

The cyber attack began when two bank employees opened a malicious document from a spear-phishing email.

The malicious file contained three exploits for remote code execution in Microsoft Word, which allowed the hackers to install a backdoor for deploying new payloads in the bank’s network. One of the payloads was Cobalt Strike Beacon, which permitted the hackers to map the bank’s internal network in order to move freely across it.
Cybersecurity researchers say that all of this happened in under two hours; the hackers effectively managed to compromise the entire bank network and obtain admin-level credentials without raising any of the installed cyber alarms.

After obtaining this advantage, over the next two months the hackers used the credentials to quietly manipulate and withdraw funds from the bank’s ATMs. The breach was discovered only after a series of security alerts were eventually triggered, by which point nothing could be done.

Remember, everything can be hacked. In order to stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

The investigation of the cyber attack on the East European bank revealed that the hackers had done extensive and very patient planning on the bank’s infrastructure.

It is astonishing that the hacker group gathered enough information to be able to connect to a host with access to banking applications in under 33 days, researchers say. According to researchers, the same hacker group also appeared focused on improving its understanding of the bank’s internal systems in an effort to make its attack more efficient and stealthy.

It seems that the hackers put considerable effort into maintaining a low network footprint and concealing their movement. For example, they used a single compromised workstation on the network to centralize and store all their collected information. The group also made sure to carry out all of their activities after normal business hours, using the authentication credentials without arousing suspicion.
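
The pattern described above (valid credentials used from one workstation, after normal business hours) can be hunted for in authentication logs. The following is an added example, not part of the original article or the investigation; the log format, the host and account names, the 08:00-18:00 weekday schedule and the three-host threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample logon events: timestamp, account, source host, target host.
SAMPLE_EVENTS = """\
2019-03-04T10:12:00 jsmith WS-014 FILE-01
2019-03-04T22:41:00 svc_admin WS-027 DC-01
2019-03-04T23:05:00 svc_admin WS-027 APP-BANK-02
2019-03-05T01:17:00 svc_admin WS-027 ATM-MGMT-01
2019-03-05T09:30:00 svc_admin ADM-01 DC-01
2019-03-05T23:50:00 mjones WS-031 FILE-01
"""

# Assumed business hours; tune to the organisation's real schedule.
OPEN, CLOSE = time(8, 0), time(18, 0)

def parse_events(text):
    """Turn whitespace-separated log lines into (datetime, account, source, target)."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, account, source, target = parts
        events.append((datetime.fromisoformat(ts), account, source, target))
    return events

def is_after_hours(ts):
    """True on weekends or outside OPEN..CLOSE on weekdays."""
    return ts.weekday() >= 5 or not (OPEN <= ts.time() < CLOSE)

def after_hours_fanout(events, min_targets=3):
    """Flag (account, source) pairs that reach many distinct hosts after hours."""
    targets = defaultdict(set)
    for ts, account, source, target in events:
        if is_after_hours(ts):
            targets[(account, source)].add(target)
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    flagged = after_hours_fanout(parse_events(SAMPLE_EVENTS))
    for (account, source), hosts in flagged.items():
        print(f"{account} from {source} reached {len(hosts)} hosts after hours: {hosts}")
```

A single late logon (as with the constructed `mjones` event) is not flagged; only one account reaching several hosts from the same workstation outside working hours is.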

We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.