Russian police to target credit-card credential thieves

Russia is planning to find ways to fight cyber-criminals specialising in the theft of bank-card personal data.

Russian police to target credit-card credential thieves
Russian police to target credit-card credential thieves

The Russian government, together with the Ministry of Internal Affairs aim to design a package of measures to fight cyber-criminals specialising in the theft of bank-card personal data according to an official Ministry spokesman.

Alex Monkov, an official spokesman for the Russian Ministry of Internal Affairs department dealing with cyber-crimes told SCMagazineUK.com that the number of cyber-attacks targeting personal data of cardholders in Russia has significantly increased this year.

Russian Ministry of Internal Affairs data reports that during the period January-May this current year hackers gained unauthorised access to the personal bank card data of more than 64,000 Russian citizens, achieved using classic social engineering and deception schemes.

Consequently thefts from personal banking accounts in Russia increased by 15 percent during this period compared to the same period last year, with a value of 270 million rubles (US$8 million) stolen.  

Hackers use a variety of attacks, one of the most popular involving making a call to people allegedly on the behalf of their bank, asking them to provide their bankcard data, in particular its number, CVV, PIN-code, etc).

The scheme also involves either programming interactive voice response services  during these calls, or sending e-mail messages to customers of the banks with the links and files, focused on their needs and interests. Opening of these attachments results in the downloading of a computer virus by the customers.

One of the new scams to steal personal bankcard data is focused on people selling products via various Internet resources. In this scheme, the potential buyer to make a deposit for a product on the seller's bank card.  This involves the request by a buyer," (which is addressed to the seller) to provide the authorisation code for the transfer, which is sent on the phone, and whose disclosure results in the theft of money from the banking card of the customer.

 The scheme first appeared in Russia at the end of 2015 and, according to estimates by the Russian Ministry of Internal Affairs, there have been more than 1,000 victims in Russia.

According to Dmitry Kuznetsov, head analyst of financial markets, based in Positive Technologies' Moscow research centre, social engineering currently accounts for 4% of the total number of cyber attacks both in Russia and the EU states.

As Kuznetsov told SC the main method of attack involves the use of viruses, which infect computers with malware program, performing banking transactions on behalf of the owner of the computer without his knowledge.  Almost a quarter (24%) cases of cyberattacks, according to Kuznetsov is the direct result of hacking of banking systems, and the 72% are the attack on legal entities.

According to him, widespread of social engineering at present makes banks and their customers very vulnerable to cyberattacks.

Experts predict that the damage from the actions of hackers who actively use social engineering will grow rapidly, as this method is less expensive and allows to leave no traces in the network.