Joint efforts by Kaspersky and INTERPOL helped to prevent cyber criminals from stealing funds from a central bank in Latin America.
Kaspersky experts discovered the incident when the attackers were attempting to find partners to help them conduct additional malicious activity. This sort of scheme has become particularly common over the past few years, wherein different groups are responsible for different stages of an attack. There are those that initially penetrate the victims’ systems, those that conduct the actual attack (e.g., encrypt and steal data), and those that demand the ransom and manage the financial aspect of the attack.
RELATED Kaspersky Partners INTERPOL And CSOs For Training On Stalkerware
Kaspersky discovered the data, that was offered by the attackers to third parties as evidence that they had access to the organisation. The experts analysed the stolen data and found out that the attackers were able to gain access to the entire infrastructure of the Latin American central bank, including the systems for international money transfers. In order to prevent any further malicious activity, Kaspersky promptly notified INTERPOL and the International Payments Framework about the attack. After conducting a joint investigation, all vulnerabilities in the corporate networks of the bank were closed and any opportunities for additional attacks were blocked.
“Over the past few years, we’ve seen many ransomware attacks carried out by these “hybrid” teams. Previously, however, their targets were mainly commercial companies. We are happy that together, with our partner Kaspersky, we were able to prevent an attack that could have affected the region’s economy. It is only through effective cooperation on the international level and striving to be ahead of the curve that we will be able to effectively protect the global community,” commented Stephen Kavanagh, Executive Director of INTERPOL Police Services, INTERPOL.
“We learned that the attackers had found a loophole that allowed them to gain access to the central bank’s infrastructure. When countering such attacks, international cooperation coupled with the ability to act quickly is critical. That’s why, as soon as we gathered information about how the attackers were operating, we notified INTERPOL. Such well-coordinated and precise cooperation made it possible to thwart the attackers before real damage to the organisation occurred,” added Sergey Golovanov, Chief Security Expert at Kaspersky.
Kaspersky recommends the following set of measure to prevent cyber attacks:
- Teach employees the basic rules of good cyber hygiene since many attacks begin with phishing or other types of social engineering.
- Regularly conduct cybersecurity audits of networks and fix discovered vulnerabilities in a timely manner.
- Along with protecting endpoints, implement services that can protect against targeted attacks. For example, Kaspersky Managed Detection and Response can help detect and stop attacks in their early stages before the attackers achieve their goals.