Security & Fraud

Russian Banks Hacked For $17 Million In 2017

Russian banks are reporting that 2017 was a rough year for cyberattacks; rough and expensive, according to news from Reuters.

Russian bank officials revealed hackers lifted over 1 billion roubles ($17 million) from Russian banks in 2017 using the Cobalt Strike security-testing tool. Over the last 18 months, Russian institutions have been under scrutiny for various cybercrimes, as reports have emerged that Moscow-backed hacking units have been instrumental in cyberattacks on the U.S. and across Europe.

Authorities in Russia seem to suggest that Russians are just as likely to be the victim of a cyberattack as anyone else — and that they’re working hard to lock out hackers.

Deputy Governor of the Central Bank of Russian Federation, Dmitry Skobelkin, noted that 21 “waves of attacks” using Cobalt Strike were recorded in 2017.

“More than 240 credit organizations were hit by the attacks, 11 of which were successful. The amount stolen was more than 1 billion roubles,” he said.

The Cobalt Strike tool is designed to test the strength of an organization’s cyber defenses. That is the legitimate use anyway; unfortunately, black hat hackers have used it in several attacks against financial institutions in Russia and Europe. The Cobalt hacking group used the software to force ATMs to vend cash.

Skobelkin stated the Russian central bank has sent warnings to more than 400 organizations, which were targeted by the Cobalt hacking group last year.



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.