How Much Money Has Been Stolen in Cyber Attacks Agains Banks

IMPACT OF CYBERATTACKS ON Financial INSTITUTIONS

NIDA TARIQ

Hailey College of Commerce, University of the Punjab, Islamic republic of pakistan

*Corresponding Author:

NIDA TARIQ
Hailey College of Commerce, University of the Punjab, Pakistan
Tel: 00923224153528
Electronic mail: [email protected]

Visit for more than related articles at Journal of Net Banking and Commerce

Abstract

Use of mod engineering has geared upwards the business activities. Cyber technology has taken the organizations above the heights of profits. Specially, it has given a great favor to the financial institutions by providing information storage, digital money, networking and many other online services. The fact, cannot exist hindered in any style that where technology facilitates intensively, tin also be severely disastrous for financial institutions. Cybercrimes as a technology disease are spreading very rapidly in present era. Nothing is secure now and financial institutions are under a great threat. Therefore, this study has undertaken to explore affect of cyberattacks on financial institutions. The study has witnessed that at that place may be the lesser cases of cyberattacks on financial institutions only their impact is astringent in terms of directly and indirect loss. Information technology has also been witnessed that cyberattacks are growing rapidly as compare to few years back. In this alarming situation, organizations, especially financial institutes must pay attention to the security. Some of the preventive measures can exist tightening internal security, cybersecurity assessment, cybersecurity training and cybersecurity audit.

Keywords

Cybercrime; Cyber-Assail; Financial Institutions

Introduction

With the emerging trends in business virtually of the companies are depending on digital money, electronic information and computer networks where all of the personal and financial information is stored. By these trends theft tactics take likewise been upgraded. Cybercrime is one of the major challenges today. Major cyberattack in the recent years not only acquired fiscal loss but likewise leaked other sensitive information. According to Group-IB expert evaluations, almost 99% of all cybercrimes in the globe now involve coin theft. Massive malware attack that hit in 2017, ruined many of the companies like MDLZ, DLA Piper in US, Rosneft, EVRAZ and Banks in Russia, Maersk in Republic of india and Denmark and many other countries were the victim of this assail [ane]. Identity theft as a subset of cybercrime is intentionally stealing someone'south identity to proceeds do good in any kind. In recent years identity theft crashed operations and profitability of many businesses. "2017 was a great year for identity thieves". Equifax is one of the victims who suffered the worst information breaches in 2017, all of the sensitive information hacked could exist used for identity theft [2]. Although, cyberattacks have disastrously affected many of the business but however it requires more attention. "In the past few years, a growing number of organized and specialized groups have been robbing these financial institutions with the assist of malware." Banks are as exposed to 'mass market' attacks as whatever other organization [3].

Various studies have been done before in the context of cyberattack but either it is country specific or attack type specific or victims describing [4], but this study undertakes global demographics where financial institutions became a victim of cyber-attack. This study presents an overall view and impact of cyberattacks on financial institutions. This research is very significant for emerging financial institutions.

Literature Review

This review presents in depth the basic and relevant torso of cognition in the field of electronic coin, cybercrime, types of attackers and financial institutions.

Digital Money

"Electronic money (too east-Coin or digital money) are traditional currency in a digital format. They are issued by the government, are regulated and legal tender in the country of outcome. The supply of money is stock-still and controlled past the state (European Central Banking company Report, 2012). Example: Euro or US dollar used to make online payments" [5]. The employ of digital coin is uncontrollably increasing 24-hour interval by day because of its intense ease. In that location has also been a concurrent proliferation of new businesses and services related to all aspects of digital currency, from the computing hardware required to mine it, the processing of transactions, payment platforms for merchants, legal services devoted to navigating the still ambiguous and contradictory regulatory environments surrounding information technology, and both online and print publications devoted to covering significant events and promoting its utilize [vi].

Cybercrime

"Cybercrime refers to the unlawful acts where in the computer is either a tool or target or both" [7]. "Cybercrime" ways illegal acts, the commission of which involves the employ of data and communication technologies [viii]. "Evidence shows u.s.a. that organizations such as banks, authorities agencies, healthcare institutions and large corporations that maintain highly valuable data are more likely to be attacked more frequently than most" [nine].

Types of Attackers

Attackers generally autumn into iii broad categories:

 The financially motivated attacker who intends to compromise systems to conduct theft or fraud electronically.

 The espionage motivated aggressor who intends to steal information to sell on to a third party.

 The politically motivated assailant who intends to compromise information or systems to attain a goal shared inside a grouping [4].

Financial Institution

Financial institutions are corporations which provide services as intermediaries of fiscal markets [10]. A fiscal institution is responsible for the supply of money to the market through the transfer of funds from investors to the companies in the class of loans, deposits, and investments [11].

Conceptual Framework

It is an explanatory inquiry and uses qualitative approach to elaborate the bear on of cyberattacks. The model (Figure 1) shows the relationship between different variables of this research study.

Figure i: Demonstrating the touch on of Cyber-Attacks on Financial Institutions.

In the given Figure ane, (1) shows the utilize of digital money and online data storage past financial institutions. (2) shows digital money and online data tin can be stored by using networks. (iii) Depicts interference of cyber-criminals into the network that results in (iv) and (5) cyber-theft of the organizations ultimately, they suffer from financial loss or data breach (half-dozen).

Research Question

How cyber-assail impact on financial institution?

Methodology

Literature provides the base near the concept and merely effect is still unclear. Therefore, hybrid research method is adopted. This is global report on financial institutions and banks are chosen every bit sample as they cover most of the services provided by other financial institutions like insurance etc. Therefore, upshot is expected to generalize on rest of the financial institutes. Nerveless data is analyzed by descriptive statistics method where central tendency way is used to check about frequent effect in the fourth dimension span of 2010-2018. Data is collected from secondary sources considering of express fourth dimension and budget availability, therefore, convenience sampling technique is adopted.

Cyber-Attacks (2010-2018)

United States

2012: Every bit a issue of cyber-set on reported by New York Times, "Frustrated customers of Banking concern of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC, who could not get access to their accounts or pay bills online, were upset because the banks had non explained clearly what was going on" [12]. Furthermore, "CEO Brian Moynihan told analysts the bank of America is spending "hundreds of millions of dollars a year" on cyber security to guard against information breaches" [13]. The aim of attackers was not to gain a fiscal advantage/theft but to frustrate the customers that could ultimately cause a financial loss to the institutions. As reported by CNN, "Denial of service attacks is an effective only unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems similar their ATM networks remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites [14].

2014: United states of america Today reports, "Federal officials warned companies Monday that hackers have stolen more than 500 million fiscal records over the past 12 months, essentially breaking into banks without ever entering a edifice" [fifteen].

2016: Another news reports, "Forty-six major financial institutions were targeted with distributed denial of service (DDoS) attacks in which hackers gain remote command of hundreds of computers and servers and use them to flood a target's server with information, bottleneck it up so that it tin can't receive legitimate traffic" [16]. Furthermore, NBC news says "Targets included Bank of America, the New York Stock Exchange, Majuscule One and ING, and PNC Banks, co-ordinate to court papers" [16]. In addition to the above, "FBI and US clandestine service agents accept arrested a man charged with the largest cyber-attack of financial firms in America'southward history. The company hit hardest by the breach was JPMorgan. More 83 million of the bank'south customers had data stolen in the breach [17].

Europe

2015: "The RBS banking group has revealed it suffered a cyber-assault on its online services that left customers struggling to log on for nearly an hr – only as monthly pay cheques were arriving in accounts" [xviii].

In late 2015, several incidents of cyber-attacks took identify in online trading equally mentioned by NASDAQ, "The latest data breach was reported by FXCM Inc. FXCM , an online foreign exchange trading and related service provider, on Oct 1. According to the company, hackers gained unauthorized admission to customer information and a few transfers were made from certain accounts" [19].

An Information Security Visitor Grouping-IB published in a blog," In Feb 2015, for the commencement time e'er, a Trojan dubbed Corkow (Metel) gained control of a stock exchange trading last and placed orders worth a total of several hundred million dollars. In only 14 minutes attackers created abnormal volatility, which fabricated it possible to buy dollars for 55 rubles and sell them for 62 rubles. Every bit a result of the incident, a Russian bank suffered huge losses, although it was random traders rather than the hackers themselves that profited from it". (1) Further it by Grouping-IB stated, In Feb 2016, hackers tried to steal $951 million from the Fundamental Depository financial institution of Bangladesh via the SWIFT system. This company highlighted that cyberattack does not crusade just financial loss or data alienation but it can also exist used in spying and cyberterrorism. Corkow is besides known as Metel.

2016: In some other report past Criminal offense Russia, "Hackers from the Lurk team, which created the banking Trojan of the same proper noun, were able to steal more than than ane.7 billion rubles ($28.3m) from the accounts of Russian banks earlier being detained past the Interior Ministry building and the FSB in June 2016" [20]. Offense Russia highlights the case of Energobank where Metel's attack acquired the bank amercement of 244 million rubles ($three.7M). (20) The Kaspersky written in a blog," One way or another, the criminals stripped each victim bank of $2.5 mln to $x mln – the amount looks striking even when assessed individually".

Buhtrap is some other cyberattack. "Experts judge that the lowest amount stolen from a Russian banking company is $370,000 (25 meg RUB), and the highest amount is shut to $ix meg (600 meg RUB)" [21].

2017: HSBC 1 of the largest depository financial institution in earth as well every bit in Europe suffered from a cyber-attack in early on 2017. A report from The Week Newsletter stated, "HSBC customers were unable to access online banking services for the 2d fourth dimension in a month today, in the wake of an apparent cyber-attack" [22].

Asia

2010: Umashankar Sivasubramaniam Vs ICICI Banking concern is one of the famous phishing fraud case. Co-ordinate to Economic Times," In a verdict in the first case filed under the Data Technology Human action, Tamil Nadu IT secretary on Monday directed ICICI Banking company to pay Rs.12.85 lakh to an Abu Dhabi-based NRI within threescore days for the loss suffered by him due to a phishing fraud" [23].

2016: "ICICI Banking company, HDFC Bank and Axis Bank - the elevation 3 private sector lenders - confirmed in dissever statements some of their customers' card accounts had been possibly breached after use at outside ATMs" [24].

Co-ordinate to Offense Russian federation, "Another group, purposefully attacking banks, is Lazarus, the most famous theft of $81 million from the Bangladesh Banking concern in 2016" [xx]. Further it stated by Group-IB, In February 2016, hackers tried to steal $951 million from the Central Bank of Bangladesh via the SWIFT organization. This visitor highlighted that cyberattack does non cause only financial loss or information breach but it tin likewise be used in spying and cyberterrorism. Corkow is also known as Metel [1]. In some other incident of cyber-assail in Turkey Insurance Periodical stated, "Hackers targeted Turkish lender Akbank in a cyber-attack on the SWIFT global money transfer organization, the banking company said, adding information technology faced a liability of up to $4 million from the incident simply no customer information was compromised" [25].

2017: Taipei Times reported in 2017, "Far Eastern on Friday said it reported to the Fiscal Supervisory Commission that malware had been implanted in its computer organisation, which affected some of its PCs and servers, as well as the Social club for Worldwide Interbank Financial Telecommunication (SWIFT) network" [26]. The Focus Taiwan said," Through the planted malware, hackers conducted virtual transactions to move funds totaling nearly U.s.$60 1000000 from Far Eastern Bank customers' accounts to some foreign destinations such as Sri Lanka, Cambodia and the U.s.a., the depository financial institution constitute on Tuesday" [27].

2018: The Habib Bank Limited became a victim of ATM skimming. The Habib Bank Limited confirmed that over Rs10 million had been stolen from 559 of its accounts. [28] Dawn says, "Hundreds of thousands of rupees have been skimmed out of 32 accounts of a private bank located in the Saddar expanse of Rawalpindi, indicating the presence of ATM hackers in the twin cities including Islamabad" [29]. Another report by Dawn says," Several foreigners have been arrested for allegedly stealing data from banks using skimming devices at ATM facilities" [30].

Africa

2016: According to Serianu report, "cyber criminals employed a very complex cyberattack targeting ten organizations in banking, insurance, utilities and authorities across three countries in Africa." According to this report damages to cyberbanking and financial service sector (as a result of cyber-assault is highest among all sectors) that is $206m in 2016. At to the lowest degree 19 organizations in Republic of kenya accept been affected by the ransomware virus in an ongoing global hacking [31].

Australia

The cyberbanking, financial services and insurance sector are clearly one of the near prone industries to cyber-attacks, CBA which became a victim of cyber-attack in 2016.

Hundreds of thousands of Australians accept been targeted by a simulated Commonwealth Banking concern email designed to infect recipients with malware. Customers and noncustomers are vulnerable to the scam, which asks people to click to view a 'Secure Message' [32]. Furthermore, those who take the bait will in fact download a trojan used by cybercriminals to hack computers [32].

Results

In this written report 26 bank cases studied under the head of cyber-attacks. Findings are demonstrated in Tabular array 1.

Table 1: Demonstrating the major Cyberattcks on financial institutions from (2010-2018).

Cyberattacks on Fiscal Institutions 2010-2018 Demographics* Type of Loss
		Type of Loss			Total
		Financial Loss	Data Stealing	Customer Frustration
Demographics	Us	4	1	half dozen	eleven
	Europe	ii	1	2	5
	Asia	6	three	0	nine
	Africa	-			-
	Australia	0	1	0	1
Total		12	vi	8	26

Give-and-take

Evidences conclude that cyber-attacks impact on financial institutions in the post-obit ways:

 Direct Loss

 Indirect Loss

Direct and indirect loss can be further classified in to two categories. Tabular array 1 demonstrates categorized losses suffered by financial institutions as a issue of cyber-attack (Figure 2).

Figure two: Demonstrating the possible losses as a consequence of cyber-attack on financial establishment.

 Cyber criminals gain remote access to the systems where they can administrate all data.

 They can cause a financial loss (by making faux transaction).

 They tin can steal the confidential information and they tin can sale it, even they can use it for spying or terrorism.

 They can target customers by attacking on arrangement. Information technology may result into customer frustration or client identity theft.

 Organization's public image can exist destructed for insufficient information security compliance.

From the above findings in Tabular array ane, information technology can exist noted that financial losses are highest in ranking followed past client frustration and data breach. In improver to the in a higher place information technology tin can be noted cyber-attacks on US banks in the duration 2010-018 were more frequent among all demographics. African banks are besides one of the victims of cyberattack but no private depository financial institution case found from secondary information that could be included in this study but overall sufferings are mentioned above.

Preventive Measures

It has been witnessed that every time cyber criminals use a tool or a tactic to break security. It could be in form of malware, DDos assail, Phishing, drive past download or countersign stealing. But organizations tin forbid from cyber-set on equally given in Figure 3.

Figure 3: Demonstrating the methods to prevent from cyber-attacks.

Conclusion

Cyber issues are global bug now. It can be noted that there is no discrimination of developed or underdeveloped countries. These attacks are not boundary restricted. At that place is no way to escape from the fact that the well-nigh target organizations are financial institutions because money, information and public are most associated with them. It can be concluded that banks equally a financial institution contain higher cyber take chances as compare to other institutions. Virtually of the time motive of cyber criminals is to gain financial advantage or to frustrate the customers. Only institutions tin can fight by working very actively. Organizations must be updated with latest tools and tactics used by hacker to gain any illegal advantage. In improver to the above, white hat hackers study the organizations from cyber threat. Organizations should pay attending to their reports and must encourage White-Lid hackers by first-class rewards and bounties so cyber-criminals may be discouraged.

References

1. Sachkov I (2017) Targeted attacks on banks. https://www.group-ib.com/blog/polygon
2. 2017 was a great twelvemonth for identity thieves. https://www.myidcare.com/articles/unmarried/2017-was-a-great-year-for-identity-thieves
3. Cherepanov A, Jean-Ian B (2016) Modern attacks against Russian financial institutions.
4. Pettersson Yard (2012) Banks likely to remain top cybercrime targets. Symantec Corporation, Excutive Report.
5. (2014) The Digital Currency Phenomenon.
6. Shaw L (2016) The meanings of new money: Social constructions of value in the rise of digital currencies. University of Washington.
7. Aggarwal P, Arora P, Neha, Poonam (2014) Review on cybercrime and security. International Journal of Research in Engineering and Applied Sciences, p. 51.
8. National Cyber security policy framework for S Africa. Government Publication.
9. (2017) Global Cybersecurity Report 2017. Nexia International Limited.
10. Siklos P (2001) Money, banking and financial institutions: Canada in the global environment.
11. https://www.grouping-ib.com/blog/polygon
12. Business Twenty-four hour period. The New York Time.
13. McCoy DC, Kevin (2014) Concern Day. https://world wide web.usatoday.com/story/money/business/2014/ten/15/depository financial institution-of-america-earnings/17275409/
14. Goldman D (2018) CNN Coin. http://coin.cnn.com/2012/09/27/technology/banking concern-cyberattacks/index.html
15. https://world wide web.myidcare.com/articles/single/2017-was-a-great-yr-for-identity-thieves
16. Winter TC, Tom (2016) U.S News. https://world wide web.nbcnews.com/news/the states-news/iranians-charged-hacking-attacks-u-southward-banks-dam-n544801
17. https://www.myaccountingcourse.com/accounting-dictionary/financial-institution
18. Collinson P (2015) Business. The Guardian. https://www.theguardian.com/business/2015/jul/31/rbs-and-natwest-customers-complain-of-online-problems
19. Inquiry Zacks Equity (2015) 5 Cyber security stocks to alter how nosotros protect our data.http://world wide web.nasdaq.com/commodity/5-cyber-security-stocks-to-change-how-nosotros-protect-our-data-cm531047
20. High Contour Cases (2017) Hackers of Russian grouping cobalt attacked 250 companies around the globe.
21. Kovacs E (2016) Buhtrap gang steals millions from russian banks cybercrime. http://www.securityweek.com/buhtrap-gang-steals-millions-russian-banks
22. The Week. HSBC shares rise later on £1.5bn buyback pledge. The Weekday Newsletter.http://world wide web.theweek.co.great britain/hsbc/63926/hsbc-profits-slides-past-well-nigh-a-5th/page/0/vi
23. Agencies ET Bureau (2010) ICICI Bank told to pay Rs thirteen lakh to NRI client. https://economictimes.indiatimes.com/industry/banking/finance/banking/icici-depository financial institution-told-to-pay-rs-13-lakh-to-nri-customer/articleshow/5798944.cms
24. Tripath D (2016) Security breach feared in up to 3.25 million Indian debit cards. https://in.reuters.com/commodity/india-banks-atm-fraud/security-alienation-feared-in-up-to-iii-25-million-indian-debit-cards-idINKCN12K0CE
25. Altayli CS, Birsen (2016) Turkey's akbank faces possible $4m liability later cyber-assault but it's insured. Insurance Journal.
26. https://www.usatoday.com/story/coin/business organization/2014/10/fifteen/bank-of-america-earnings/17275409/
27. Cheng-wu S, Chien-pan L, Yi-chu T, Huang F (2017) Lai orders data security review.
28. Aybub I, Iqbal S (2017) Rs10m stolen from 559 bank accounts in ATM fraud. https://www.dawn.com/news/1374623
29. Tahir N (2018) 32 bank accounts compromised in Rawalpindi ATM skimming incident. https://www.dawn.com/news/1383524
30. Ali I (2018) four Chinese nationals arrested in another ATM skimming incident in Karachi. https://www.dawn.com/news/1382925
31. Nairobi (2017) WannaCry ransomware virus hits 19 Kenyan firms. The Indian Limited. http://indianexpress.com/article/technology/tech-news-technology/wannacry-ransomware-virus-hits-nineteen-kenyan-firms-4665265/
32. McRae J (2016) Malicious Republic Banking company fraud e-mail targets hundreds of thousands of Australians.https://www.mailguard.com.au/blog/malicious-commonwealth-banking company-fraud-email-targets-hundreds-of-thousands-of-australians

duncanwilisting.blogspot.com

Source: https://www.icommercecentral.com/open-access/impact-of-cyberattacks-on-financial-institutions.php?aid=87130

Share this post