Hacktivists and cyber extortionists hit Greek, Russian, UAE banks

A number of “regular” and central banks across Europe, Russia and Asia have been targeted by cyber attackers.

Last week, in the wake of Turkey downing a Russian military plane and the consequent political squabbles between the two countries, Turkish hacktivists mounted a powerful DDoS attack against the website of the Russian Central Bank, taking it offline for a mere 10 minutes, enough to send a message.

Several weeks before that, Armenian hackers defaced the Mortgage Fund sub-domain (amf.cbar.az) of the Azerbaijan Central Bank website and stole customer data from it, which they leaked online.

Two weeks ago, an unnamed bank based in Sharjah, United Arab Emirates, was breached by a cyber criminal who managed to exfiltrate sensitive data belonging to the bank’s customers.

The hacker, who goes by “Hacker Buba”, has threatened to leak the stolen information if the bank doesn’t pay $3 million in Bitcoin.

The bank has refused to do so, and the hacker has been steadily publishing the data via Twitter. The bank has been working in conjunction with the authorities, the UAE Central Bank, and the Telecom Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) to try and minimize the impact of the attack.

Having received no money from the bank, the hacker turned to targeting the customers. Armed with their personal information and email addresses, he has been contacting them and threatening to release their personal, corporate and financial information online if they or the bank don’t pay up. They haven’t, and the hacker fulfilled his threat.

Customers are understandably incensed, and blame the bank for lax security and for the fact that the bank didn’t notify them of the breach. It is still unknown how the hacker managed to find a way into the bank’s database and gather backup files from all its servers (as he claims to have done).

Finally, three Greek banks have been hit with DDoS attacks that made their online banking sites inaccessible for a few hours. The attackers, ostensibly a group of hackers that call themselves “Armada Collective”, demanded a ransom in Bitcoins in order to stop the attacks.

Again, the banks haven’t paid the asked-for money. They have managed to put a stop to the attacks, and have assured their customers that their networks have not been penetrated and that no customer data has been stolen.

“These kinds of threats should be handled full force by authorities up to the point where individuals involved in the activity are apprehended and indicted,” commented Amichai Shulman, CTO of Imperva. “I’m not suggesting that banks and other organizations do not take any measures to protect their data assets and online presence (much like I don’t suggest people to stop locking their doors). However, this must not be the end game for handling cyber security threats. Putting the right DDoS protection in place is just the first line of defense that must be followed by authorities taking actions against offenders.”
