Home Hacking How a bank got hacked (a study in how not to secure your networks)

How a bank got hacked (a study in how not to secure your networks)

by

Robbing a bank is easier than you might think, especially if you don’t care which bank you rob, according to a “how to rob a bank” manifesto by the apparently vigilante hacker Phineas Phisher. The PwC incident response report, which Phineas Phisher leaked, backs up that claim. The report details the intrusion to management at the robbed bank, Cayman National Bank (Isle of Man) Limited (CNBIOM) and its sister company, Cayman National Trust Company (Isle of Man) Limited (CNTIOM).

(PwC declined to comment on the Cayman National breach or the leaked report, which indicates that fraudulent transactions cleared. In a press release, Cayman National acknowledged the attack, claiming, “At this time, there is no evidence of financial theft or fraud relating to CNBIOM or CNTIOM clients, or to Cayman National.” It made no reference to a financial loss by the bank itself.)

Reviewing the methods Phineas Phisher used offers insight into how vulnerable our financial infrastructure is to attackers and provides a glimpse into how a modestly skilled individual, or group of individuals, got away with a bank heist.

Who is Phineas Phisher?

Phineas Phisher, who has previously claimed responsibility for hacking the notorious cyber-mercenary groups Gamma Group and Hacking Team, claims to be a private individual whose stated goals are anti-capitalist, anti-imperialist, and anti-surveillance. Some suspect Phineas Phisher is a nation-state sponsored hacking group, but there is no way to know.

The hacking tools used in the 2016 bank heist were off-the-shelf penetration testing tools like PowerShell, Mimikatz and a garden-variety crimeware remote access tool (RAT). This means that if Phineas Phisher can do it, any number of modestly skilled attackers could as well. This makes the Cayman National attack a case study in how not to secure your networks (or how to rob a bank, depending on your point of view).

Let’s break out how the heist went down.

Copyright © 2019 IDG Communications, Inc.

Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More