Paul Glass, Senior Associate at Taylor Wessing, believes the attack gained “unprecedented access” and that the group’s hacks are another example of why banks need to educate their staff on the need for vigilance against potentially malicious email attachments or software, and why they need more sophisticated system monitoring.
His full comment on the wider implications posed by such attacks is below.
Paul Glass, senior associate in Disputes and Investigations at international law firm Taylor Wessing:
"This is an extremely sophisticated attack that used a number of methods of obtaining money from a wide range of banks. However, the entry point into the banks was a tried and tested technique – spear phishing. The current information is that access was gained via malicious attachments to emails, which staff will then have opened. This is another example of the importance of education of staff, both to minimise the risk of opening attachments that contain malicious payloads, and to take immediate action if they realise that they have opened a malicious attachment. The human element of risk can never be removed entirely, but banks should be ensuring that their training and education programmes are as effective as possible, particularly given the substantial financial impact of this attack. The attack also demonstrates the need for sophisticated monitoring of the "known good state" of systems. Even though sophisticated malware will try to cover its tracks, there will usually be an impact on the "known good state" which can be used as a starting point to identify that there has been an attack."
"The use of remote systems administration tools meant that attackers were able to obtain unprecedented access to bank systems, and use a variety of techniques to steal money. The attackers gained access, then waited, gaining intelligence and deepening their access to systems – a classic advanced persistent threat approach. What makes this attack more dangerous than usual is that the attackers used whitelisted software which many of the banks themselves allow for system administration. Regulators will want detailed explanations from the affected banks as to how access was obtained, the extent of compromise of each bank's systems, and how such a serious attack went undetected for many months. The clean-up operation within affected banks will be enormous."