Karshi Branch of Tashkent University of Information Technologies named after Mukhammad al-Khorezmi
party vendor in their supply chain. Supply chain attacks let attackers circumvent security controls by reaching sensitive resources through a target's third-party vendor. Because, statistically, vendors don't take cybersecurity as seriously as their users, compromising them is generally much easier; and because third-party vendors store sensitive data for all of their clients, a single compromise could impact hundreds of companies.

To defend against supply chain attacks, the financial sector is advised to implement a Zero Trust Architecture with secure Privileged Access Management policies. The inclusion of these initiatives in Biden's cybersecurity executive order confirms their efficacy in mitigating supply chain attacks.

Supply Chain Attack Statistics in the Financial Industry

Most third-party vendors are not prepared for cyberattacks

Of the supply chain attacks analyzed by the European Union Agency for Cybersecurity, 66% of compromised suppliers either did not know or failed to report that they were breached. This statistic highlights the concerning lack of cyber resilience among vendors and the pressing need for a third-party risk management program to address it.

Supply chain attacks expected to increase four-fold between 2020 and 2021

The European Union Agency for Cybersecurity (ENISA) forecasts that 2021 will see a 4x increase in supply chain attacks compared to 2020.

1.3. Damages caused by a cyberattack on banking systems and their consequences.

A representative of the Bank of Russia, in a conversation with Vedomosti, explained that cases of theft of funds in banks in 2022 were associated with vulnerabilities in IT infrastructure and imperfect business processes. In Russia in 2022, targeted attacks on banks with the withdrawal of money through an ATM network, card processing or the SWIFT system almost totally stopped, a Group-IB employee told the newspaper.
However, he warned that financial fraud and phishing remained at a fairly high level.

According to RTK-Solar, the main threat to the financial sector is highly qualified hacker groups, since the perimeter of banks and other large financial organizations is usually well protected, and breaching it requires technical knowledge and large financial investments. Darya Koshkina, head of the cyber threat analytics department at RTK-Solar, said that attacks by medium- and low-skilled attackers are mostly aimed at bank customers: these attacks use social engineering to steal money directly from accounts. Attackers pay little attention to the size of a financial organization; both small and large market participants are attacked, said Yana Yurakova, an analyst at the Positive Technologies research group. [4]

Hackers stole almost 4 billion rubles from customers of Russian banks in the third quarter

Hackers stole nearly 4 billion rubles from customers of Russian banks in the third quarter. This is about 24% more than a year earlier, the Central Bank said in November 2022.

Losses of banks in the United States amounted to $1.2 billion due to ransomware attacks

On November 1, 2022, the US Financial Crimes Enforcement Network (FinCEN), part of the Treasury Department, revealed the scale of payments that the country's banks made as a result of ransomware attacks. The total amount exceeds $1.2 billion. In 2021, US financial institutions recorded 1,489 incidents related to attacks in which cybercriminals tried to get a ransom from their victims. For comparison, in 2020, 487 similar incidents were recorded. Thus, the intensity of attacks of this type has tripled.
FinCEN says ransomware continues to pose a serious threat to critical US infrastructure sectors, businesses and ordinary citizens. [4]

Fraudsters stole 13.5 billion rubles from bank customers, banks were able to return only 6.8%

On April 12, 2022, it became known that in 2021 fraudsters stole 13.5 billion rubles from bank users, making more than 1 million unauthorized transfers from bank cards and accounts. Of these funds, banks were able to return only 6.8%, or 920 million rubles, to the affected citizens of the Russian Federation. According to RBC, referring to the Bank of Russia, the level of refunds fell for the second year in a row against the background of an increase in theft.

The number and volume of fraudulent transfers last year increased by 33.8% and 38.8%, respectively, compared to the previous year. According to the regulator, this is due to the development of new remote payment services and a growth in the volume of money transfers.

The principal method fraudsters use to steal funds remains social engineering, that is, psychological pressure on the victim. Another 4.1 billion rubles were stolen by fraudsters when victims paid for goods and services on the Internet.

In 2021 in Russia, it was proposed to introduce a mandatory refund amount for theft from accounts. This initiative came from the Central Bank. [4]

Fraudsters stole $35 million from a UAE bank with the help of a deep fake of the voice of its head

In mid-October 2021, it became known that criminals took possession of $35 million from a bank in the UAE by imitating the voice of the head of the bank using advanced artificial intelligence. They reportedly used a deep fake to mimic a legitimate commercial transaction linked to the bank.

In Spain, 16 fraudsters were arrested who stole about €276.5 thousand from bank customers.
Spanish law enforcement officials arrested 16 people linked to the use of the Mekotio and Grandoreiro banking trojans as part of a damaging campaign targeting financial institutions in Europe. This was reported on July 15, 2021.

Arrests were made in Madrid, Parla and Mostoles (Madrid), Seseña (Toledo), Villafranca de los Barros (Badajoz) and Aranda de Duero (Burgos) in Operation Aguas Vivas. Using malicious software installed on the victim's computer, criminals could transfer large amounts of money into their accounts, police said.

The police confiscated computer equipment, cell phones and documents, and analyzed more than 1.8 thousand spam emails, which allowed law enforcement agencies to block transaction attempts totaling 3.5 million euros. The proceeds of the criminals amounted to 276,470 euros, of which 87 thousand euros were successfully returned.

The fraudsters sent potential victims phishing emails purporting to come from legitimate delivery services and government agencies such as the Spanish Treasury. In the emails, recipients were asked to follow a link that quietly downloaded malicious software to the computer. The Mekotio and Grandoreiro malware allows operators to intercept transactions on a bank's website and redirect funds without authorization to accounts under the control of cybercriminals. To carry out the fraud, the criminals hacked at least 68 email accounts belonging to official authorities.

Grandoreiro and Mekotio (also known as Melcoz) are part of the Brazilian banking Trojan family, which also includes the Guildma and Javali malware. Operating since at least 2016, Grandoreiro has been used to attack clients in Brazil, Mexico, Portugal and Turkey. Mekotio, on the other hand, was seen in attacks targeting Brazil starting in 2018, and then operators started attacking users in Chile, Mexico and Spain.

Mekotio can steal passwords from browsers and device memory, providing remote access to Internet banking operations.
The malware also contains functionality for stealing the addresses of bitcoin wallets. [4]

In the 1st quarter, 2.9 billion rubles (+57%) were stolen through unauthorized transfers

According to the Central Bank of Russia, in January-March 2021, fraudsters stole 2.9 billion rubles through unauthorized transfers. This is 57% more than in the first quarter of last year. Of this amount, banks were able to return only 7.3% to customers. For comparison, in the first quarter of 2020, fraudsters stole 1.8 billion rubles, and banks returned 11.3%. [4]

In 2020, cybercriminals stole 9.77 billion rubles from the accounts of Russians.

On April 12, 2021, the Bank of Russia reported a 52% growth in Russians' losses to cyber fraudsters in 2020, to 9.77 billion rubles. The return volume was 11.3%. In 2019, banks were able to reimburse customers 14.6% of the funds. This information is provided in the yearly review of the Information Security Department of the Bank of Russia.

As the Central Bank of the Russian Federation explained, credit organizations do not return money if the user violated the terms of the agreement regarding the confidentiality of payment information.

At the same time, the total proportion of non-consensual operations performed using social engineering techniques decreased from 68.6% to 61.8%. The average amount of each operation performed without the client's consent in 2020 was 11.4 thousand rubles for the accounts of individuals and 347.8 thousand rubles for legal entities.

The Central Bank classifies as cyber fraud all operations performed without the consent of customers using electronic means of payment. The regulator emphasizes that such crimes are frequently committed using social engineering methods, when fraudsters on the phone deceive their victims into giving up card or online banking data. [5]

Sverdlovsk scammers stole 1 million rubles from the bank

Sverdlovsk scammers stole 1 million rubles from the bank by using a unique scheme. This became known on 28 2020.

According to the press service of the Ministry of Internal Affairs of the Russian Federation, the group was allegedly engaged in theft of funds from one of the Yekaterinburg banks through unauthorized debits to pay for gasoline at gas stations in Yekaterinburg and the Sverdlovsk region.

The fraudulent scheme was as follows. The attackers placed the fuel nozzle into a refueling container or into the fuel tank of a car, entered on the terminal display a refueling amount equal to the amount of money on the card, and thus authorized the fuel filling process. When gasoline began to flow, the fraudsters used the personal account to switch the account with a positive balance to an account without money. As a result, the bank was forced to allow an overdraft (overspending of credited funds) on the fraudsters' card and pay for the refueling at its own expense. The fraudsters sold the gasoline to drivers, most often taxi drivers, at half price. This happened at gas stations with automatic payment terminals.

With the help of the above scheme, which the police had not previously encountered, the attackers stole more than 1 million rubles from the bank, committing 30 instances of theft.

The investigative unit of the Main Investigative Directorate of the Main Directorate of the Ministry of Internal Affairs of Russia in the Sverdlovsk Region initiated a criminal case on evidence of a crime under paragraph "d", part 3 of Art. 158 of the Criminal Code of the Russian Federation ("Theft from a bank account"). The article provides for a maximum punishment of imprisonment for up to 6 years.

The judge of the Verkh-Isetsky court imposed on the members of the criminal group a preventive measure in the form of house arrest for a couple of months.
At the end of October 2020, the investigation continues, and additional episodes of theft are being established. [4]

In January-August, the number of thefts from bank accounts amounted to 107.2 thousand.

In January-August 2020, the number of thefts from bank accounts amounted to 107.2 thousand, which is twice as many as in the same period in 2019. This became known on October 14, 2020.

Such incidents began to be recorded two or more times more often in 35 regions, according to the General Prosecutor's Office. It notes that every fifth theft in Russia is associated with the theft of money from citizens' accounts.

Also, over eight months of 2020, the number of cases of fraud committed using electronic means of payment doubled. In total, 20.8 thousand such crimes were recorded, with growth observed to varying degrees in 90% of the regions. In absolute terms, most of them were in the Saratov (2.2 thousand) and Omsk (1.7 thousand) regions, according to the report.

The materials of the Prosecutor General's Office do not indicate how much money was stolen by fraudsters.

The Central Bank told the publication that the activity of hacker groups grew in 2020, but the effectiveness of attacks on banks did not grow compared to 2019. They did not answer the question about the total amount of damage caused by fraudsters to customers of banks and other financial organizations. [4]

• Colombia was the hardest-hit country by cyberattacks in 2019, with 93.9% of all surveyed companies being compromised at least once in the previous year (Cyber Edge 2021 Cyberthreat Defense Report)