Cyber Glitches
Russian Hackers Suspected of Sweden Cyber Attack, Australia sanctions Russian over Medibank cyberattack, Global financial system underprepared to deal with cyberattacks.
Russian Hackers Suspected of Sweden Cyber Attack
By AFP
Online services at some Swedish government agencies and shops have been disrupted in a ransomware attack believed to have been carried out by a Russian hacker group, IT consultancy Tietoevry said.
The Swedish-Finnish group, which provides online security systems, said the problem could take weeks to fix.
It said one of its data centers in Sweden was attacked overnight from Friday to Saturday, knocking out online purchases at the country's biggest cinema chain as well as some department stores and shops.
The centralized human resources system used by Sweden's national government service center (Statens Servicecenter) was also affected, making it impossible for public sector employees to declare their overtime hours, sick leave or holiday requests.
"Considering the nature of the incident and the number of customer-specific systems to be restored, the restoration process may extend over several days, even weeks," Tietoevry said in a statement issued late Monday.
"120 government agencies and more than 60,000 employees" were affected by the attack, Statens Servicecenter spokeswoman Caroline Johansson Sjowall told AFP.
Tietoevry and other cyber security experts have pointed the finger at hacker group Akira, which has ties to Russia.
Tietoevry said it had filed a police complaint regarding the attack, the financial impact of which it "was not able to fully assess" yet.
Australia sanctions Russian over Medibank cyberattack
By Richard Chirgwin
The federal government has named and sanctioned Russian citizen Aleksandr Ermakov over his alleged involvement in the Medibank cyber attack.
Aleksandr Ermakov, 33, was allegedly involved in the unauthorized release and publication on the dark web of Medibank customer data following an October 2022 ransomware attack, according to the Australian Signals Directorate.
Ermakov, also known by his aliases “Gustave Dore” and “blade_runner,” is believed to be part of the infamous Russian cybercrime group REvil — one of the most active ransomware gangs.
“This is the first time an Australian government has identified a cybercriminal and imposed cyber sanctions of this kind, and it will not be the last,” said Clare O’Neil, the Australian minister for home affairs and cybersecurity.
The hackers gained access to the personally identifying information of approximately 9.7 million current and former customers of Medibank and cost the insurer $46.4 million in the 2022-2023 financial year alone. The stolen records included sensitive medical information, such as records on mental health, sexual health and drug use. Some stolen data was posted on the hackers' darknet website before it was taken offline.
After Australia announced the sanctions on Monday, the U.K. and the U.S., who were involved in the investigation of the Medibank hack, followed suit on Tuesday.
The trilateral action between Australia, the U.K., and the U.S. — the first such coordinated “AUKUS” effort — "underscores the collective resolve to hold these [Russian] criminals to account," according to a statement by the U.S. Department of Treasury.
The sanctions are imposed under the Autonomous Sanctions Amendment (Magnitsky-style and Other Thematic Sanctions) Act 2021. It’s the first time the sanctions powers, passed in December 2021, have been used against a cyber threat actor.
Foreign minister Penny Wong, deputy prime minister Richard Marles, and O’Neil said the AFP and the Australian Signals Directorate continue to “pursue other leads”, working with other departments and international partners.
The only previous use of the sanctions powers came in March 2022, when then foreign minister Marise Payne applied the sanctions to 39 Russian individuals accused of involvement in the death of Sergei Magnitsky, whose name is carried in the legislation.
The Australian authorities have been investigating the Medibank attack for 18 months. They identified the perpetrators of the hack last November but didn't name them, describing the hackers as "a group of loosely affiliated cybercriminals" from Russia.
In response to an email inquiry from Recorded Future News, Ermakov denied any wrongdoing. "I don’t understand how this applies to me at all, I don’t do anything like that," he said.
Additional reporting by Alexander Martin.
Global financial system underprepared to deal with cyberattacks
Cybersecurity should be central to financial risk assessments
By Julian Jacobs
The ransomware attack on the Industrial and Commercial Bank of China, which resulted in a disrupted US Treasury market in November, provides yet another example of the issues the financial sector faces when dealing with cyberattacks.
Cyberattacks pose substantive risks to individual institutions and the financial system at large. Attacks – from state actors, criminal groups or individual hackers – can take the form of cash theft, data corruption, payment disruption and leakage of the often highly sensitive information financial institutions hold.
The transmission of such cyberattacks into threats to financial stability primarily occurs through a breakdown of trust. A loss of confidence in financial markets and the economy poses liquidity risks, spurring bank runs, capital flight and broad market panic. Such a contagion could create losses and significant price fluctuations.
Yet there are additional transmission risks that are under-discussed. Chief among them is the issue of financial market concentration. Many emerging markets are digitalising their financial sectors without adequate protection against cybercrime. If developed markets can more adequately protect their financial system from attacks, this might spur a movement of activity towards those markets and their local currencies.
At an individual bank level, the mechanism is the same. Banks with worse cybersecurity protections may see their demand fall in favour of those with better records. This may kindle trends observed in the US, where smaller regional banks have teetered as major institutions experience an influx of demand. These shifts were similarly spurred by a loss of confidence in smaller, more risk-prone banks.
The irony is that this concentration – at both the bank and individual country market level – poses new risks. Although it may be harder to attack larger and better-resourced institutions and markets, the impact of a hacker successfully doing so would be far more damaging, especially amid higher concentration.
Financial firms are investing heavily in cybersecurity. Yet artificial intelligence-enabled malware and hacking tools can be a leveller. Amid a rapidly changing technological landscape, there is a risk that banks will not adequately anticipate the methods of attack that hackers will use.
Cybercrime risk mitigation can involve a cocktail of encryption, multi-factor authentication, hardware security modules, collaboration with cybersecurity consultants or experts and the use of the cloud. Though it is difficult to draw neat comparisons, many central banks appear to be lagging in the development of these sorts of rigorous cybersecurity provisions. However, there is a lot of variation across institutions, markets and regions. Some financial institutions additionally offer stress testing, which involves assessing how rapidly they could deploy liquidity, capital and key services in the event of a compromising cyberattack.
What should be done?
Cybersecurity should be included explicitly within assessments of financial stability risk. Engaging in cybersecurity stress testing is a good start, but more needs to be done to quantify the potential impact of a major attack. Better data and modelling techniques are likely to help since they allow institutions to understand the costs of attacks more effectively and determine how best to respond.
Relatedly, there is a need for greater regulatory convergence to create international co-operation and shore up the financial system in the face of growing attacks, which would hurt the global flow of capital and trade. Sharing information – between countries as well as between the private and public sectors – can help protect institutions from attacks. Overcoming barriers emerging from uneven regulation could involve smoothing out global national security and data protection laws.
Perhaps most important for financial firms and central banks is to seriously consider their response in the event of a successful attack. Complete deterrence of all cyberattacks may be impossible using existing technology. Yet financial institutions can help protect global financial stability in the face of such attacks by ensuring that they will always be able to resume operations quickly. Doing so can avert some of the risks associated with market panic and loss of confidence, as well as the implications for liquidity and capital flows. The importance of adopting such tests may be greatest for smaller markets where attacks could be more likely to succeed – due to more limited infrastructure – and spur capital flight.
Greater deterrence may help with this. Global efforts – such as identifying and disrupting cyberattackers – could make cybercrime riskier and more expensive.
AI could also be leveraged. Cyber criminals are using AI tools to bolster the effectiveness of cyberattacks. As these AI systems become more complex and robust, financial institutions may find that developing their AI-enabled cybersecurity system is the best way to combat attacks from weaker AIs. Given the speed and sophistication with which the most advanced AI systems can hack, it may be that the best police for an AI hacker is a more powerful AI.
Finally, blockchain-based initiatives theoretically could help protect financial institutions from cybercrime. Distributed ledger technology provides significant protections that other payment systems do not. Proposals such as Worldcoin – a cryptocurrency project – could greatly reduce fraud through biometric-based payment verification. Yet there are risks to the further deployment of blockchain-based solutions.
There is considerable heterogeneity across the financial system. Large banks tend to have highly advanced cybersecurity provisions, while smaller ones are likely to have ‘weaker’ systems because they have invested less in protections. Yet determining what counts as a ‘strong’ versus ‘weak’ system is not always obvious. There is similar variation across global central banks, with smaller market central banks having less robust cybersecurity.
Cybersecurity regulations and safety at the global and individual financial market levels remain underdeveloped. Over half of central banks or supervisory authorities do not have a national cyber strategy for the financial sector, and just under half have no cybercrime regulations. Regulatory harmonization between countries remains weak. However, some global institutions – such as the Financial Stability Board, Committee on Payments and Market Infrastructure and Basel Committee – have begun to strengthen coordination and foster convergence in regulation.