Joint efforts of Kaspersky and INTERPOL helped prevent cybercriminals from stealing funds from a central bank in Latin America.
Kaspersky experts discovered the incident when the attackers were attempting to find partners to help them conduct additional malicious activity. This sort of scheme, in which different groups are responsible for different stages of an attack, has become particularly common over the past few years.
There are those that initially penetrate the victims’ systems, those that conduct the actual attack (e.g. encrypt and steal data), and those that demand the ransom and manage the financial aspect of the attack.
Kaspersky discovered the data that the attackers offered to third parties as evidence that they had access to the organization. The experts analyzed the stolen data and found that the attackers were able to gain access to the entire infrastructure of the Latin American central bank, including the systems for international money transfers.
In order to prevent any further malicious activity, Kaspersky promptly notified INTERPOL and the International Payments Framework about the attack. Following a joint investigation, all vulnerabilities in the corporate networks of the bank were closed and any opportunities for additional attacks were blocked.
Stephen Kavanagh, Executive Director of INTERPOL Police Services, INTERPOL, said: “Over the past few years, we’ve seen many ransomware attacks carried out by these ‘hybrid’ teams. Previously, however, their targets were mainly commercial companies.
“We are happy that together, with our partner Kaspersky, we were able to prevent an attack that could have affected the region’s economy. It is only through effective co-operation on the international level and striving to be ahead of the curve that we will be able to effectively protect the global community.”
Sergey Golovanov, Chief Security Expert at Kaspersky, said: “We learned that the attackers had found a loophole that allowed them to gain access to the central bank’s infrastructure. When countering such attacks, international co-operation coupled with the ability to act quickly is critical.
“That’s why, as soon as we gathered information about how the attackers were operating, we notified INTERPOL. Such well-co-ordinated and precise co-operation made it possible to thwart the attackers before real damage to the organization occurred.”