Tiger Conference: Cybersecurity panel calls for use of local talent

Even as Russia’s war against Ukraine in Donbas drags on, and cyber attacks on Ukrainian power grids and other infrastructure become more common, Ukraine faces another threat – cybercrimes in the banking sector.

Experts at the Cyber Security breakout session of the Kyiv Post’s Tiger Conference on Dec. 5 discussed the main threats, and the best virtual defenses, and had some suggestions for the government.

In recent years there have been several big cyber attacks on Ukraine, including ones using the Petya and NotPetya ransomware viruses, and attacks on Ukrainian electricity grid systems, railways, medical databases, and others. However, overall, 99 percent of the country’s cybercrimes are committed in the financial sector, Dmytro Shymkiv, the deputy head of the Presidential Administration, said at the session. The crimes include the theft of money from banking cards, ATMs, and fraud using fake identities.

“For the majority of people in Ukraine, cyber security or cybercrime is connected to the financial industry,” Shymkiv said, referring to public opinion polls.

However, Ukraine still has one of the lowest rates of banking fraud for the Visa financial corporation in the world, Hector Rodriguez, Visa’s risk officer for the CEMEA region, said. Under-reporting and declined transactions might be among the reasons, he added.

To strengthen the system, Ukraine has already introduced the EMV technical standard for payment terminals, using chips and making every transaction unique. At the same time, only 35 percent of the transactions are conducted with protected chip-to-chip connections, according to Rodriguez.

Rodriguez said the main cybersecurity risk in the banking sector is that consumers aren’t aware of how to protect their information and can easily share it with the criminals. Among the most widespread scams is for thieves to call and ask for banking data while pretending to be a bank worker.

Simple steps, like spreading awareness among clients, protecting passwords and other data, and choosing chip cards and payment systems with two-factor authentication, can prevent fraud, Rodriguez said.

But with the spread of modern technology, another threat has appeared on the horizon – hacking into devices and automobiles remotely, CEO at K-Advisors GmbH Cornelius Granig said. Shymkiv confirmed that such crimes are already being committed in some countries.

While companies that are subject to cybercrime typically work to address security issues after an attack, Marina Krotofil, a principal analyst at intelligence-led security company FireEye, Inc. based in the United States, said it should be vice versa: enterprises should first detect vulnerabilities and develop a program to protect their systems, rather than coming up with temporary solutions after an attack has happened.

Otherwise, business entities and the government will spend millions, cleaning up the consequences of cybercrime, she said.

“Around the globe, it’s still panic driven, it’s not risk driven,” Krotofil said.

In terms of cyberattacks at the state level, criminals often use Ukraine as a testing ground, Krotofil said. The interdependencies between systems often become apparent after attacks as well, she said.

For instance, the NotPetya virus in June not only paralyzed the power grid, it also blocked the medical database that keeps track of stocks of important medications in storage facilities. Unable to check the database, pharmacies had to make 50-70 calls to track down supplies of vital medicines, Krotofil said.

“Ukraine, unfortunately, doesn’t pay attention to (cyber) security and this is why you become this testing ground for everybody else,” she said. The state doesn’t go after the criminals either, she said.

Advice for government

In spite of some attempts by the government to protect computer systems from viruses and virtual criminals, namely by adopting legislation on cybersecurity, a lot more remains to be done, the experts said.

Krotofil said that no kind of protections would prevent attackers getting into a system as they always find some vulnerability. However, adequate protections can lessen the harm they can do once they are in.

Krotofil suggests involving people who are directly connected to the information technology sector in the decision-making process. In this way, programs against viruses will be more effective.

“It’s really important to invite hands-on guys who can give practical advice,” she said.

From her two years of experience working with Ukrainian security firms, she sees a lot of solutions developed locally by private companies, “which are very effective and superior to what else is out there in the world.”

Special attention should be paid to occupied Donetsk and Luhansk, the territories that attackers use to conduct activities through the Dark Web – a network that requires special software to access and is often used for computer crimes. They move to an area where there is no law enforcement, Granig said. Limiting connections to it might help to stop them.

“I really encourage you to use your own resources, because you do have them, you don’t need any foreign solutions, because you have really good people, who are capable, and you have already the solutions in the country,” Krotofil said.