2024/01/19 15:56:07

Sberbank (information security)

The article is devoted to Sberbank's fight against fraudsters and cyber criminals.

Data leaks at Sberbank

Main article: Data leaks in Sberbank

2023

Repelling 124 DDoS attacks and saving 300 billion rubles in a year. "Sber" summed up the work of its information security system

In 2023, Sberbank successfully repelled 124 DDoS attacks and also prevented the theft of almost 300 billion rubles of customer funds. Stanislav Kuznetsov, the bank's deputy chairman of the board, spoke about the results of the work of the bank's information security systems.

"In 2023, the effectiveness of our anti-fraud reached 99.6% - this is the best indicator among such systems in the world, but at the same time we set ourselves an even more ambitious goal - to reach the level of 99.9%. Since the beginning of the SVO [special military operation of the Russian Federation in Ukraine - approx. TAdviser], more than 600 attacks have been committed on Sberbank, while none of them were effective," Kuznetsov said during a working visit to Simferopol, where the head office of Sberbank opened on January 18, 2024 (quoted by Kommersant).

In 2023, Sberbank successfully repelled 124 DDoS attacks

According to Sberbank, by the end of 2023, the share of telephone fraud is 85%. There are 8 million fraudulent calls per day, more than 1 thousand call centers call citizens of the Russian Federation.

"With the increasing availability of new technologies, new threats arise, in particular the creation of deepfakes. Such cases are already known, although so far they are not of a mass nature, as they require more resources for preparation. However, this is already a very real threat, for which you need to be ready," said Stanislav Kuznetsov.

According to him, following the increase in the level of qualification and coordination of attackers, the complexity of the attacks will grow. Also, according to the deputy chairman of Sberbank, "the obvious trend of recent times" is attacks on supply chains.

"Attackers cannot succeed by attacking Sberbank head-on, so we see more and more frequent attempts to attack the companies of the Sberbank group and our partners," Kuznetsov said.[1]

"Sberbank" survived the most powerful DDoS attack in history

On November 7, 2023, the head of Sberbank, German Gref, announced the largest DDoS attack on a credit institution. According to the press service of Sberbank, hackers tried to disable the bank's IT infrastructure, sending 1 million requests per second.

"If we talk about DDoS, then the last attack was probably two weeks ago. It was the most powerful attack in our history. It was about three to four times more powerful than the most powerful before," Gref told reporters (quoted by TASS).

German Gref announced the largest DDoS attack on Sberbank

He stressed that hackers have never been able to break through even the first circuit of the bank's protection. In total, Sber has three protection circuits. Every month, the bank faces about ten attacks, said the head of Sberbank. He added that the attack was carried out by some new hackers whose handwriting is not known to the credit institution.

"Some new very qualified criminals appeared on the market, who began to systematically engage in an attack on the largest Russian resources," Gref emphasized.

Deputy Anatoly Aksakov, commenting on the cyber attacks on Sberbank, stressed that it is obvious that this is not complete without our Western "partners." The credit institution is indeed subjected to very powerful attacks, the parliamentarian emphasized.

According to German Gref, Sberbank does not see a quantitative surge in hacker attacks, but notes that they have become "much more sophisticated than before."

"All these attacks are 100% from abroad. In terms of our willingness to repel them, we have not had a single case where it has affected our performance. But this is due to the fact that we are constantly improving the mechanisms of self-defense. We analyze each attack known to the market, and adjust our defense mechanisms to it," said the head of Sberbank.[2]

Sberbank prevented a massive phishing attack on its employees

Sberbank's cyber security service prevented a mass phishing attack on the bank's employees, Sberbank announced on May 15, 2023. The bank's systems did not allow the employees to receive emails in which they were urgently invited to the military registration and enlistment office for "clarification of personal data." The mailing contained a malicious file (a virus) named "mobilization prescription." Opening the file could have put the entire IT infrastructure at risk of infection.

"Thus, we can say that fraudsters again use the information agenda that is relevant to society. In this case, phishing mailing "from military registration and enlistment offices" is a fake in which fraudsters exploit the topic - the signing by the President of the Russian Federation of Decree No. 333 of 10.05.2023 "On the conscription of citizens of the Russian Federation in reserve for military training in 2023." It is possible that other organizations or individuals will be subjected to such a phishing attack. We ask everyone to be vigilant and not succumb to provocations," said Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank.

2022

Sberbank has prevented theft and fraud of 1.4 billion rubles since the beginning of the year

Since the beginning of the year, Sberbank has prevented hundreds of economic security and fraud encroachments against customers and the bank as a whole. Bank employees helped law enforcement officers solve more than 450 crimes and prosecute 388 violators of the law. The amount of damage prevented amounted to 1.165 billion rubles, Sberbank reported on December 28, 2022.

Trying to take possession of clients' money, attackers most often presented fake identity documents, power of attorney, hereditary and executive documents to employees of Sberbank branches. According to the bank, thanks to the vigilance of employees, enhanced protection measures, innovative technological solutions for monitoring and analyzing dubious transactions, more than 90% of such encroachments are prevented, and the rest are disclosed in the shortest possible time. In 2022, the courts issued 487 convictions to those who caused damage to the bank.

In the field of physical security, Sberbank also prevented the theft of cash totaling 237 million rubles thanks to the instant reaction of the security service of Sberbank, video analytics systems and a multi-level ATM protection system.

In total, 89 attacks were carried out on the bank in 2022. Criminals tried to extract cash from ATMs 78 times and to rob the cashier 11 times; 10 out of 11 such crimes were solved in hot pursuit.

"Together with law enforcement agencies, we are successfully fighting unlawful encroachments against the bank and our customers. This year, we reached a significant indicator of detection of crimes in the field of physical security - 99% - and, together with financial fraud, protected 1.4 billion rubles from criminals. These figures speak for themselves and once again prove that any crime against the bank will be solved, and offenders will be caught and punished to the fullest extent of the law," said Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank.

DDoS attack involving 100,000 hackers

On October 25, 2022, Sberbank spoke about the largest cyber attack in the history of the credit institution. It lasted more than a day.

Sberbank switches its sites to Russian TLS certificates

On September 15, 2022, Sberbank told TAdviser that it had begun installing TLS certificates issued by the Certification Center of the Ministry of Digital Development on all its sites, as well as on working resources and systems.

Sberbank's transition to certificates from domestic certification centers will ensure its independence from foreign certification centers and guarantee users safe access to all of the bank's resources.

"Sberbank is constantly working to replace foreign vendors and services with domestic developments. As part of this program, we were the first in the country to replace foreign certificates with domestic ones. In the near future, our main website, sberbank.ru, will be transferred to them. Also, the rest of the sites, resources and systems of Sberbank will switch to Russian certificates. This guarantees uninterrupted and safe access of our clients to the bank's services, ensuring their independence from foreign solutions," commented German Gref, President, Chairman of the Management Board of Sberbank.

Sberbank also added that the bank is in constant dialogue with relevant departments and regulators in order to minimize possible restrictions on the part of foreign organizations.

The head of the Ministry of Digital Development of Russia, Maksut Shadayev, said that the department welcomes the decision of Sberbank to transfer its online services to certificates from domestic certification centers.

"The transfer of the resources of the largest bank and one of the country's leading technology companies to our certificates will be a good example for the entire Russian market and will be an incentive to reduce dependence on foreign companies," Maksut Shadayev said.

TLS certificates are used to ensure uninterrupted operation of sites. According to the minister, the service for issuing security certificates has been operating since March 2022 on the State Public services portal. Just at that moment, foreign companies began to revoke their security certificates and refuse to issue new ones. Without a certificate, an HTTPS site will not open in the browser, and the browser will indicate an invalid connection.

The issuance of Russian security certificates is included by the Russian Government in the plan of priority actions to ensure the development of the Russian economy under external sanctions pressure.

Certificates are issued free of charge by the National Certification Center. As of September 15, 2022, the use of such certificates is supported by Yandex.Browser and the Atom browser.

Over the last quarter, Sberbank withstood about 450 DDoS attacks

In the current realities, the sphere of cyber security is of particular importance, "because right now an organized cyber war is being waged against Russia, the purpose of which is to disable the country's entire critical infrastructure," Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, said in early September 2022.

According to him, Sberbank feels this firsthand: over the last quarter the bank withstood about 450 DDoS attacks, and 350 were repelled by its subsidiaries. This is as many as in the last five years. The criminals' main activity is focused on three directions: phishing, telephone fraud and network attacks. Technological solutions, including the creation of a library of criminals' voices, make it possible to resist such actions and to successfully combat telephone fraud.

Most attacks on Sberbank come from the United States, China and Europe

Deputy Chairman of Sberbank Stanislav Kuznetsov said in early June 2022 that Sberbank continues to be subjected to hacker attacks - on average, 3 to 5 attacks are committed per day. At the same time, the intensity of cyber attacks decreased, and there were no more attacks as powerful as those in early May. Most of the attacks, as Sberbank found out, come from the United States, China and Europe.

In addition, since the beginning of the year, Sberbank has blocked more than 50 thousand dropper cards. Kuznetsov also noted that the Sberbank database contains more than a million phone numbers of fraudsters.

Sberbank repelled the most powerful DDoS attack in its history

On May 19, 2022, Sberbank announced DDoS attacks of unprecedented power and new tactics of cybercriminals.

On May 6, 2022, Sberbank repelled the most powerful DDoS attack in its history. It was directed at the bank's website, and malicious traffic generated by the botnet came from more than 27 thousand devices from Taiwan, the USA, Japan and the UK. Its power was more than 450 gigabytes per second.

Criminals use new tactics and tools to conduct cyber attacks, which include injecting code into advertising scripts, using a malicious extension for Google Chrome, and using ready-made Docker containers with customized attack tools (Docker is a platform for developing, delivering and launching container applications). Criminal groups are well coordinated, and the total number of cybercriminals acting against Sberbank exceeds 100 thousand people.

Successful counteraction to cybercrime is possible only if law enforcement agencies, regulators and cybersecurity units work together. And such cooperation is actively developing. Channels of interaction and exchange of information about cyber attacks have already been created, detailed recommendations for protecting infrastructure have been developed. Among other things, a number of measures have been taken to help consolidate efforts to protect the state and business from cybercriminals.

"If before February 24, one DDoS attack was recorded per week, then already in March we recorded up to 46 simultaneous DDoS attacks aimed at different Sberbank services. Large tools were used for attacks, including malicious codes embedded in browsers of users who visited online cinema sites.

As of May 2022, the bank is under cyber attacks around the clock. The Sberbank Cyber Protection Center conducts a 24/7 analysis of cyber threats and responds quickly to them," said Sergei Lebed, Vice President, Director of the Cybersecurity Department of Sberbank.

In the near future, the number of DDoS attacks will decrease, but their power will continue to grow, that is, they will become more focused and coordinated. Other types of fraud are also possible due to the availability of a large number of databases. The further development of phishing campaigns in order to steal the credentials of employees of organizations and then penetrate the infrastructure of these organizations will also become logical.

Sberbank stopped a large-scale attack from Ukraine on the cards of Russians

Sberbank stopped a large-scale attack on the cards of Russians by a Ukrainian application developer, who tried to debit funds across its entire accumulated customer base. This became known on April 18, 2022 from the words of the bank's deputy chairman of the board, Stanislav Kuznetsov.

"I want to talk about the attack that was carried out on many Russian citizens with bank cards. Almost immediately after the start of the special operation, we stopped mass debits from the cards of our clients," said Kuznetsov.

According to him, the number of write-off attempts reached tens of thousands per minute.

Kuznetsov added that this company, having about 50 different official applications, in violation of the requirements of international payment systems, collected and stored the bank card data of its clients[3].

2021

Bank employee sentenced to a year and 11 months for stealing 2.4 million rubles from a client

In Kursk, an employee of Sberbank, Blinova, stole 2.4 million rubles from a client's account. The lady asked the victim to give her the code necessary for banking operations. Through an online bank, she transferred the money to her account. The court in July 2021 found Blinova guilty of theft committed on an especially large scale and sentenced her to one year and 11 months in prison in a general regime colony.

An employee in Yakutia who stole 35 million rubles was sentenced to 4.5 years in prison

In Yakutia, a verdict was passed on an employee of Sberbank accused of embezzlement of 35 million rubles. From July to August 2020, a senior customer service manager in the village of Batagay took out cash from the bank's cash desk. She replaced the bills with fakes, packing them in vacuum shells. With money, the woman wanted to cover losses on the stock exchange and pay for loans. The employee was sentenced to 4.5 years in a general regime correctional colony.

Sberbank got rid of American and Israeli products in the system of fraud monitoring and security

In 2020, Sberbank fully completed the creation of its own fraud monitoring and security system, said the chairman of the bank's board, German Gref, at a press conference in February 2021. He said that the system no longer uses imported solutions.

"Now only our own solutions are used there," said German Gref.

Gref said that in the 2010s, when the system began to be created, the bank used mainly the solutions of American and Israeli companies, and now the platform is completely built on its own solutions.

German Gref spoke about import substitution in the information security system of Sberbank (photo - Evgeny Biyatov/RIA Novosti)

In 2013, for example, Sberbank announced the introduction of a fraud monitoring system based on the Transaction Monitoring & Adaptive Authentication platform developed by RSA, a former security division of EMC. According to the public procurement portal, since that time the bank has regularly concluded contracts for the supply of licenses for this software, its adaptation and technical support, including in 2019.

As for the Israeli company, in 2013 Fort Ross Ventures (until 2015 - SBT Venture Capital), where Sberbank acted as one of the investors, invested in Tufin, a developer of network security solutions based in Israel. It was one of the early investments the company received. Victor Orlovsky, Managing Partner of Fort Ross Ventures and formerly Senior Vice President of Sberbank for IT, said that they invested in Tufin, including in order to develop a secure digital environment at the bank.[4]

The head of Sberbank did not give details about the new solutions used at the press conference.

2020 was extremely tense in terms of cybersecurity, because there was a surge in cyber fraud in all areas, said the chairman of the board of Sberbank. The bank did a lot in terms of interaction both with law enforcement agencies and with the regulator.

The regulator made a number of decisions regarding the strengthening of supervision and the introduction of new standards. The Central Bank now has a deputy chairman who oversees only the cybersecurity system, recalled German Gref. This position appeared in December 2020: German Zubarev, who previously worked as an adviser to the head of the Central Bank, was appointed deputy chairman in charge of the departments of security and information security.

According to the head of Sberbank, in 2020, the bank prevented attempts to steal funds from customer accounts totaling about 57 billion rubles. For comparison, at the end of 2019, Sberbank reported that in two years - 2018 and 2019 - they prevented theft by cyber fraudsters of customer funds in the amount of about 67 billion rubles. Gref also cited data that 10 billion events pass through the SOC of Sberbank every day.

The head of Sberbank said that in 2020 Sberbank made significant progress in protecting its customers. He recalled that last year the international magazine Global Finance recognized Sberbank as the most secure bank in the world in terms of cybersecurity.

2020

Detention of suspects in the embezzlement of 122 million rubles from the accounts of Sberbank customers

The police detained suspects in the theft of more than 122 million rubles from the accounts of Sberbank customers. This was reported on December 12, 2020 by the Ministry of Internal Affairs of the Russian Federation.

According to law enforcement agencies, the defendants in the case produced fake documents proving the identity of citizens of the Russian Federation, and presented them in cellular offices in order to reissue SIM-cards with subscriber numbers tied to the victims' bank cards. After gaining access to personal accounts in a mobile bank, the suspects transferred the victims' money to controlled accounts.

Police detained suspects in theft of 122 million rubles from bank accounts of Russians

Investigative units of the territorial internal affairs bodies of Moscow, St. Petersburg and the Krasnoyarsk Territory initiated criminal cases on the grounds of a crime under Part 4 of Article 158 of the Criminal Code of the Russian Federation (Theft committed by an organized group on an especially large scale).

As of December 12, the police were aware of three victims. A TASS source in law enforcement agencies clarified that one of the victims was Krasnoyarsk businessman Anatoly Bykov, suspected of inciting the murder of the vice-president of the Boxing Federation of the Krasnoyarsk Territory, and that swindlers stole several million rubles from him. Earlier in December, the defendant's lawyer announced the disappearance of money from the VIP account of his client, who is in jail.

In relation to the detainees, two residents of the capital, a preventive measure was chosen in the form of detention. The Ministry of Internal Affairs is looking for possible accomplices. The police found and seized from the defendants bank cards, mobile phones and SIM cards of evidentiary importance for the criminal case.

As noted in the Ministry of Internal Affairs, thanks to the painstaking analytical work of law enforcement agencies and Sberbank employees, suspects in the commission of crimes were identified. They, as noted in the department, carefully tried to disguise their criminal scheme.[5]

Blocking the activities of a fraudulent call center in Melitopol

In September 2020, in Melitopol, employees of the Security Service of Ukraine blocked the activities of the call center, whose participants stole funds from Sberbank bank accounts.

The investigation established that the criminal scheme was organized by three residents of Melitopol. In the city center, they equipped an underground call center, where 54 operators "worked."

They pretended to be bank employees, called customers and received information from them about CVV codes, numbers and pin codes of payment cards.

To "work" with bank customers from Russia, attackers used the routing of international telephone traffic.

Three citizens of Ukraine were detained for theft from Sberbank ATMs in 15 cities of Bosnia and Herzegovina

According to the police, in 53 hours the robbers managed to empty 23 Payten ATMs in several settlements - in Brchko, Orash, Tuzla, Lukavac, Kladan, Vogosh, Sarajevo, Kiselyak, Kreševo, Hažić, Ilije, Mostar, Chitluk, Zenica, Kakan and, finally, in Bihac.

In total, 2.7 million marks (97 million rubles) were stolen. It is noted that during the working day, Sberbank employees did not notice the financial losses and learned about what happened only after the arrest of Ukrainians.

The detainees were Alexander Zaytsev, Dmitry Boyko and Yaroslav Titarenko, who entered Bosnia from Serbia on the morning of January 31 through the border crossing to Zvornik.

Decoders and computers used in the thefts were seized from the criminals. At the same time, most of the loot - 2.6 million marks - had not yet been found as of February 10, 2020.

The "most powerful" DDoS attack in the history of the bank was recorded

Sberbank recorded the "most powerful" DDoS attack in its history. The attack was repelled, Deputy Chairman of the Bank Stanislav Kuznetsov said on January 21, 2020.

"On January 2, 2020, Sberbank faced an unprecedented DDoS attack, which was 30 times more powerful than the most powerful attack in the history of Sberbank. The attack was carried out using autonomous IoT devices," RIA Novosti quotes him as saying.

Sberbank recorded the "most powerful" DDoS attack in its history

According to Kuznetsov, there are three times more autonomous equipment for the Internet of Things than people on the planet, and by 2025 the difference will be 5 times.

It is noted that the attack did not entail any consequences and was repelled in automatic mode. Sberbank immediately reported this attack to law enforcement agencies and handed them all the necessary information.

Not every company in the Russian Federation, or even in the world, could repel such attacks, Kuznetsov claims. Stronger cyber attacks could become a trend in 2020, he said.

Kuznetsov said that the number of hacker attacks on Sberbank in 2019 increased by 15-20%, per day the bank records 280-300 attempts at attacks on its systems. The goal of many of them was to take control of the bank's systems.

According to the deputy chairman of Sberbank, the attack demonstrated that cybercrime is moving into a new plane and continues to gain momentum, and the use of 5G technology in fact threatens a new level of risks in conducting DDoS attacks.

"We identify and block them all. In addition, it is worth noting that mass malicious mailings are still popular - about 50% of the emails that our employees receive are spam, including phishing attempts," he said.

As the representative of Sberbank recalled, earlier the bank predicted that in 2019 losses from cybercrime could amount to more than 2.5 trillion rubles.

"In general, our forecast was justified," said Stanislav Kuznetsov.[6]

2019

Hackers who stole more than 10 million rubles from ATMs of Sberbank and Vozrozhdenie Bank were charged.

On December 13, 2019, it became known that the Investigative Committee of Russia (IC) had charged two hackers with robbing banks by hacking ATMs. In their "work," the criminals used specialized software that literally forced ATMs to dispense money.

The geography of the group's activities, as well as even the approximate timing of its organization, was not disclosed by the Investigative Committee. It is only known that in 2018 hackers robbed ATMs in various areas of the Moscow region. The total amount of "earnings" exceeded 10 million rubles.

Both criminals were charged under paragraphs 3 and 4 of Article 154 of the Criminal Code of Russia (theft by an organized group of funds committed on a large and especially large scale, as well as attempted theft). Violation of paragraph 3 is punishable by a fine of 100 to 500 thousand rubles or in the amount of the convicted person's income for a period of up to three years. The offenders can also be sentenced to forced labor for up to five years with restriction of freedom for up to one and a half years. The maximum punishment for this violation is imprisonment for up to six years, along with a fine of 80 thousand rubles.

The Investigative Committee charged only two members of the hacker group with violation of Art. 154 of the Criminal Code of the Russian Federation - their total number as of December 13, 2019 was not known. According to the department, one of the hackers was detained by law enforcement agencies of another country for similar crimes.

The Investigative Committee does not report the name of the country in which the detention took place, nor how it managed to identify the connection between this criminal and those who were arrested for robbing ATMs in the Moscow region, but it will seek his extradition for criminal prosecution in Russia.

According to the IC, the hackers, whose names, surnames and ages the agency does not report, were extremely selective in the choice of ATMs. They hacked exclusively ATMs of Sberbank and Vozrozhdenie Bank - the investigation does not say whether the criminals made attempts to rob ATMs of other financial organizations.

It is also unknown what such restrictions were associated with - it is possible that the software they used is able to work only with ATMs of Vozrozhdenie and Sberbank.[7][8]

2.5 million complaints about phone fraud in a year

Social engineering has supplanted all other types of cyber fraud in recent years. In 2019 alone, Sberbank received 2.5 million complaints about telephone fraud - calls under the guise of the bank's security service. Compared to 2017, the growth was 15-fold, and many cases are simply unknown, since customers did not report them to the bank. Fraudsters have already acquired personal consultants who analyze the methods of counter-response of banks. In 2019, Sberbank calculated the number of unique numbers from which attackers call - there were 170 thousand of them.

Ban on employees taking pictures of computer screens

On June 24, 2019, it became known that large banks in Russia banned their employees from photographing computer screens using personal mobile phones. According to RBC, restrictions were introduced at Sberbank, Unicredit Bank, Otkritie Bank and VTB.

2018

Repelling 90 DDoS attacks per year

In 2018, Sberbank repelled 90 DDoS attacks, of which 25 cyber attacks had high power. This was announced on December 25 by the credit institution itself in its report "Bank Trends - 2018."

It follows from it that the indicators of DDoS attacks on Sberbank's systems have grown one and a half times compared to 2017. Each week, the bank receives an average of 14.5 thousand emails with malicious attachments and separates (blocks) five phishing sites. Throughout 2018, Sberbank recorded an average of one or two DDoS attacks per week. Such attacks are external influences on the systems of organizations, leading to overload. Ultimately, they can lead to a shutdown of the organization's IT infrastructure.

Data on cyber attacks on Sberbank
"Despite this intensity of threats, Sberbank's banking systems and services have never been disabled by cybercriminals," the report says.

It is also reported that about 5% of all cyber attacks in Russia are aimed at Sberbank systems. The bank came to such conclusions on the basis of data for the first quarter of 2018.

According to Qrator Labs (specializing in countering DDoS attacks and ensuring the availability of Internet resources), the number of DDoS attacks on banks around the world in 2018 increased 1.9 times compared to the previous year.

Cyber attacks on banks are increasing amid the growing popularity of mobile banking. By December 2018, the active audience of users of the Sberbank Online mobile application exceeded 40 million people. For the year (from October 2017 to October 2018), the increase was 47%. These figures correspond to high indicators for foreign large retail banks, noted in Sberbank.

More than 60% of active users of digital channels (SMS, website, application) - almost 25 million people - mainly use only a program for smartphones and no longer even enter the traditional web version.

6 major cyber attacks in 2 days

According to a November 30, 2018 report, Sberbank has undergone a series of six hacker attacks over the past two days. The DDoS attacks were carried out via spoofing from at least 100 servers from six countries. At the same time, the bank's systems were not affected.

"What has been going on for the last few days has caused us a certain amount of anxiety. Yesterday and the day before yesterday, Sberbank's resources were attacked at least six times. The total duration of these DDoS attacks was at least 1.5 hours. One of the attacks lasted about 27 minutes. This is an unprecedented attack in duration, which was carried out using the latest technologies using satellite technology and hiding the sender's addresses. According to our estimates, it was carried out very professionally, as part of this attack, the attacker actively investigated the level of our defense. These attacks did not affect the bank's resources. With a high probability, they were carried out from abroad. And from the materials that we have, it is clear that the attacks were from more than 100 servers located in six countries of the world. Sberbank's protection and technologies allow you to successfully repel such attacks. If such attacks were carried out on the servers of another company, the consequences could be significant," said Stanislav Kuznetsov.[9][10]

Sberbank saved 32 billion rubles of customer funds from cyber fraudsters

On November 29, 2018, it became known that Sberbank had summed up the preliminary results of 2018 in the field of cybersecurity. According to the company, Sberbank saved 32 billion rubles of customer funds from cyber fraudsters. As of November 2018, social engineering had become the most common type of cyber fraud: more than 80% of the cases recorded by Sberbank in 2018 involved this method of obtaining unauthorized access to information, which exploits human weaknesses. At the same time, as of November 2018, 86% of all social engineering cases were "self-transfers" of funds made under the influence of fraudsters.

The most typical "self-transfer" case as of November 2018 is fraud on free classified-ad sites. The client posts an advertisement on the site and receives a call from a potential "buyer," during which the client himself gives the caller his bank card details, often even providing SMS passwords, so that the attacker can perform all transactions on behalf of the client.

Since the beginning of 2018, Sberbank has saved 32 billion rubles of customer funds from cyber fraudsters using a fraud monitoring system based on artificial intelligence. As of November 2018, the fraud monitoring system analyzes more than 150 million operations per day and blocks suspicious transactions.

The Sberbank Cyber Defense Center processes more than 3 billion events daily, with several thousand of them related to malware. On average, in 2018, Sberbank recorded 1-2 DDoS attacks on its systems every week. In total, since the beginning of 2018, the bank has repelled 62 DDoS attacks, 25 of them high-power attacks; their number is 1.5 times higher than the figure for 2017. The result of the Cyber Defense Center's work was the uninterrupted operation of banking systems and services despite DDoS attacks and uninterrupted customer service.

On average, as of November 2018, Sberbank takes down about 5 phishing sites per week, and during a quarter the bank's security systems record about 190 thousand attempts to send emails containing malicious attachments and phishing to bank employees.[11]

"Cybercriminals are more likely to hack not the IT system, but the person, so people need to know cybersecurity rules and follow them at the habit level."

Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank

Dr.Web: More than 78 million rubles of Sberbank clients under threat

Analysts at Doctor Web recorded in April 2018 the spread of the Android.BankBot.358.origin Trojan, which is aimed at Sberbank customers. This malware steals bank card information, withdraws money from accounts, blocks infected devices and demands a ransom. The damage that Android.BankBot.358.origin can cause exceeds 78 million rubles[12].

Android.BankBot.358.origin has been known to Doctor Web since the end of 2015. Virus analysts have established that the new modifications of the Android.BankBot.358.origin Trojan are designed to attack Russian customers of Sberbank and have already infected more than 60 thousand mobile devices. However, since virus writers distribute many different versions of this malicious application, the number of victims can increase significantly. The total amount of funds that attackers are able to steal from bank accounts of owners of infected devices exceeds 78 million rubles. In addition, cybercriminals can steal more than 2.7 million rubles from mobile phone accounts.

This banking Trojan is distributed using fraudulent SMS messages, which can be sent both by cybercriminals and by the malware itself. Most often, messages are sent on behalf of users of the Avito.ru service. In such an SMS, a potential victim is invited to follow a link, allegedly to read a response to an ad. For example, this text is popular: "Good afternoon, is the exchange interesting?" In addition, mobile device owners sometimes receive fake notifications about loans, mobile transfers and money credited to a bank account.

When the victim follows the link from such a message, they land on a site belonging to the attackers, from which the apk file of the malicious application is downloaded to the mobile device. To be more convincing, the virus writers use the icon of the real Avito app in Android.BankBot.358.origin, which increases the likelihood that the Trojan is installed after it is downloaded. Some modifications of the banker can be distributed under the guise of other programs, for example, software for working with the Visa and Western Union payment systems.

The press service of Sberbank promptly responded to the message of the Doctor Web company and sent a message to the media that the bank's specialists had long known about the existence of the described malicious program, and the Sberbank Online application with built-in antivirus was able to protect mobile devices from such attacks.

2017

Sberbank's cybersecurity management center received a certificate of compliance with an international standard

On December 13, 2017, Sberbank became the first bank in Russia whose cybersecurity management center is certified by the British Standards Institution (BSI) for compliance with the international standard ISO/IEC 27001:2013.

Sberbank Cybersecurity Management Center (2017)

ISO/IEC 27001:2013[13] defines the requirements for the creation, implementation, maintenance and continuous improvement of the organization's information security management system. It also includes requirements for the assessment and handling of information security risks tailored to the needs of the organization. The developer of the standard is the International Organization for Standardization (ISO); one of the accredited certification bodies is the British Standards Institution (BSI).

For more information about the project, see IBM will create an information security center for Sberbank.

Sberbank has gathered a thousand-strong army of information security specialists and continues to "vacuum" the market

In 2017, Sberbank significantly increased the number of its information security specialists, and as of November, the bank employs about 1,200 such employees, the head of the cybersecurity service of Sberbank Sergei Lebed told TAdviser. In addition to Moscow, the bank's cybersecurity service is represented in five more cities.

According to Sergei Lebed, the service is planned to be expanded further. He preferred not to name the exact figures for the existing and planned growth of employees in the field of information security, but indicated that their rotation in Sberbank is about 100 specialists a year. Some people "grow" and go to other units, notes Lebed.

Sergei Lebed notes the presence of a shortage of personnel in the information security market

The head of the cybersecurity service of Sberbank noted that there is a serious personnel problem in the information security market - a shortage of specialists in the field of cybersecurity. He sees the roots of this in the low level of professional training in Russian universities: "security officers are not taught IT, and IT officers are not taught security."

"In our understanding, a specialist in the field of information security is an expert in IT. And not only are there no experts at the exit from the university, but the security specialist is also very far from information technology. And this problem is common to Sberbank and to other companies. This is a country's problem, and something needs to be done about it, the education system should be changed," Lebed said.

He added that during a recent meeting with colleagues from Innopolis, who are also engaged in training personnel in the field of information security, it turned out that they bought programs in international universities for "very big money."

"This is the right commercial move in terms of quick effect, but can't we develop these courses, are there really not enough competencies for this in a country whose hackers the world rates as the best?" asks the representative of Sberbank.

Sergei Lebed named as one of the factors behind the current situation the fact that good information security specialists rarely stay on at universities as teachers because of low salaries.

Solar Security CEO Igor Lyapunov believes that Sberbank is a "vacuum cleaner" of cybersecurity personnel: at Solar Security, many employees regularly receive offers with salaries several times higher. With a shortage of information security personnel on the market and a large number of open vacancies at Sberbank, such hunting can aggravate the problem for other companies in the market.

Sergei Lebed explains that Sberbank works with universities on information security training: as of autumn 2017, it has partnerships with 7 universities. But if the universities do not produce enough personnel, the bank solves the problem "commercially." Sberbank needs ready-made personnel who are ready to solve problems, says the bank representative. At the same time, Sberbank is ready to teach them and invest in them, but not for five years, Lebed noted.

Artificial intelligence helped Sberbank of the Russian Federation identify a scheme to steal money from ATMs

Specialists of Sberbank of the Russian Federation, using artificial intelligence in the fraud monitoring system, were able to determine the method of attackers aimed at hacking ATMs and build protection against the actions of hackers. This was announced in June 2017 by the deputy chairman of the board of the financial institution Stanislav Kuznetsov.

"We recorded this for the first time using artificial intelligence technology. The fraudster inserts a card, requests a certain amount, the ATM begins to count money. The moment he delivers the money to the receiver inside, the ATM must issue the card back. The fraudster holds the card, it gets stuck in the receiver. And the money is already in the issuance device, and it was possible to get this amount earlier in our ATMs. As a result, the criminal had money, the card was also in his hands," explained Kuznetsov.

In effect, the ATM did not record the cash as dispensed, and the amount was not debited from the account.

Traces of the intruders behind such thefts, which were recorded in Moscow and St. Petersburg, were almost impossible to detect. As Kuznetsov explained, the software of the fraud monitoring system made it possible to see "deviations between the volume of loading and collected revenue at the ATM and compare the difference and the operations performed on the device." According to him, the use of artificial intelligence technology in this system, which makes it possible to analyze the behavior of cardholders as efficiently as possible, made it possible in March this year to determine the method of theft and develop countermeasures. Based on the data, specialists obtained "information about where, when these cards were used, at what addresses, and so on."[14]
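The comparison Kuznetsov describes (cash loaded against cash collected, checked against the operations the device recorded) can be sketched as follows. This is an added example, not Sberbank's code: the record layouts, field names, the tolerance parameter and the sample journal are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Cycle:
    """One cash-loading cycle of one ATM (assumed record layout)."""
    atm_id: str
    loaded: int       # rubles loaded at replenishment
    collected: int    # rubles counted when the cassettes were collected


@dataclass(frozen=True)
class Session:
    """One card session from the ATM journal (assumed record layout)."""
    atm_id: str
    card: str         # masked card identifier
    when: str         # ISO timestamp of the session
    requested: int    # rubles the cardholder asked for
    recorded: bool    # True if the journal logged the cash as dispensed


def reconcile(cycles, sessions, tolerance=0):
    """Return a finding for every ATM that is short against its own journal."""
    journal = defaultdict(list)
    for s in sessions:
        journal[s.atm_id].append(s)

    findings = []
    for c in cycles:
        recorded_out = sum(s.requested for s in journal[c.atm_id] if s.recorded)
        # Cash that should still be in the cassettes minus cash actually found.
        shortfall = (c.loaded - recorded_out) - c.collected
        if shortfall <= tolerance:
            continue
        # Sessions that asked for cash but never produced a dispense record
        # are the only journal entries that can account for missing notes.
        suspects = [s for s in journal[c.atm_id]
                    if not s.recorded and s.requested > 0]
        explained = sum(s.requested for s in suspects)
        findings.append({
            "atm_id": c.atm_id,
            "shortfall": shortfall,
            "unexplained": max(0, shortfall - explained),
            "suspects": sorted(suspects, key=lambda s: s.when),
        })
    return findings


def repeat_cards(findings, min_atms=2):
    """Cards seen in suspect sessions at several short ATMs, with the ATMs."""
    seen = defaultdict(set)
    for f in findings:
        for s in f["suspects"]:
            seen[s.card].add(f["atm_id"])
    return {card: sorted(atms) for card, atms in seen.items()
            if len(atms) >= min_atms}


# Constructed sample data: ATM-002 has an innocent timeout (cash retracted),
# so its count matches the journal and it produces no finding.
CYCLES = [
    Cycle("ATM-001", loaded=1_000_000, collected=905_000),
    Cycle("ATM-002", loaded=500_000, collected=480_000),
    Cycle("ATM-003", loaded=800_000, collected=760_000),
]
SESSIONS = [
    Session("ATM-001", "card-A", "2017-03-02T01:14:00", 40_000, recorded=False),
    Session("ATM-001", "card-C", "2017-03-02T09:30:00", 5_000, recorded=True),
    Session("ATM-001", "card-A", "2017-03-02T01:19:00", 40_000, recorded=False),
    Session("ATM-001", "card-D", "2017-03-02T12:05:00", 10_000, recorded=True),
    Session("ATM-002", "card-B", "2017-03-02T10:00:00", 3_000, recorded=False),
    Session("ATM-002", "card-E", "2017-03-02T11:00:00", 20_000, recorded=True),
    Session("ATM-003", "card-A", "2017-03-03T02:40:00", 40_000, recorded=False),
]

if __name__ == "__main__":
    found = reconcile(CYCLES, SESSIONS)
    for f in found:
        print(f["atm_id"], f["shortfall"],
              [(s.card, s.when) for s in f["suspects"]])
    print(repeat_cards(found))
```

A session without a dispense record is not suspicious on its own; it becomes a lead only when the same ATM is also short of cash, which is why the reconciliation runs first and the card correlation second.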

In July, Sberbank plans to launch a fraud monitoring system on all self-service devices.

Deputy Chairman of Sberbank: The state was not interested in our weapons against WannaCry, and abroad we were applauded

Stanislav Kuznetsov, the deputy chairman of the board who represented the Sberbank team on cybersecurity at the St. Petersburg International Economic Forum (SPIEF) in May 2017, criticized the state's reaction to the attack on Russian organizations by the WannaCry ransomware virus and the attitude of officials to the topic of cybersecurity in general.

A large-scale cyber attack using the WannaCry virus took place earlier in May and affected more than 70 countries; in a number of them the computers of government departments and large companies were attacked. According to Kaspersky Lab, Russia was the most heavily infected. Among the organizations whose computers were hit were Sberbank, MegaFon, the Ministry of Internal Affairs, the Ministry of Health, Russian Railways and the Ministry of Emergency Situations.

Stanislav Kuznetsov believes that the state did not pay enough attention to the problem with the WannaCry attack

Stanislav Kuznetsov said that Sberbank was among the first, literally within minutes, to see this situation, and the bank's specialists instantly understood what the problem was. According to him, within a few hours they created a utility that can remotely detect the presence of this virus in any company and stop its spread.

"We offered help to everyone targeted and helped organizations free of charge. However, this utility did not arouse interest among state institutions, although they applauded us abroad, because we did it quickly enough," said the deputy chairman of the board of Sberbank.

Kuznetsov wonders why there was no discussion in Russia about what serious conclusions need to be drawn from this attack.

"None of the state officials gathered us, discussed this problem or understood what reasons led to this, and none of them wants to look for ways out of this situation," he complained.

According to Kuznetsov, in Russia there is a general underestimation of cybersecurity risks, despite the fact that Russia is "the number one target for all hackers."

Russian cybersecurity legislation should be modified, said the deputy chairman of the board of Sberbank. He noted that a year earlier at SPIEF there had been a discussion of the need to urgently adopt a package of legislative initiatives in this area, but since then there have been only small attempts to modify something, and laws are not being adopted. The bills introduced by the FSB and other departments are crumbs against the background of what the country needs.

According to Stanislav Kuznetsov, state institutions today are unable to manage billions of cyber risks on their own, and for effective protection it is necessary to attract all large corporations from all industries.

2016

Sberbank repelled 74 DDoS attacks in 2016

Sberbank recorded 74 DDoS attacks on its systems in 2016. This was announced at the end of the year by the deputy chairman of the board of Sberbank Stanislav Kuznetsov.

According to Kuznetsov, large attacks on the bank are carried out every week or once every 10 days. In December, hackers attacked Sberbank 6 times. The credit institution manages to prevent almost 100% of skimming attempts (theft of card data using a special reader).

At the same time, Kuznetsov stressed that skimming has now become rarely used by cybercriminals.

"There are no new elements of fraud, we continue to record special risks for companies that are not engaged in cybersecurity. We record attempts to withdraw several million rubles about once a week," he said.

However, in December, the bank did not record major losses of Russian companies. In particular, the reduction of damage occurs as a result of more coordinated work of law enforcement agencies with credit institutions.

Sberbank stopped cyber fraud attempts in the amount of over 8.6 billion rubles

For 9 months of 2016, Sberbank prevented fraud against its clients (individuals and legal entities) in remote banking channels and retail outlets in the amount of more than 8.6 billion rubles, the bank reported in October. In the same period of 2015, fraud in the amount of 4.8 billion rubles was prevented.

The damage from fraud in the Sberbank Online mobile application has been reduced by more than seven times, in the Mobile Bank system - by half, they say in Sberbank.

Sberbank did not specify to TAdviser how much money cyber fraudsters managed to steal from customer accounts in 2015 and for 9 months of 2016.

Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov notes that the amount of prevented damage increased 1.8 times compared to the same period in 2015, despite the increased activity of criminals. According to him, this became possible thanks to the introduction this year of "the latest security technologies" that allow Sberbank to prevent cyber fraud more effectively.

In April 2016, Sberbank reported on the completion of the first stage of construction of the Security Operational Center (SoC), within the framework of which a centralized SIEM system was introduced to collect and correlate security events. This made it possible to consider up to 1 million suspicious events in the operation of the organization's systems per day. Before the creation of the SoC, the bank managed to study only 100-200 incidents per day.

As of mid-2016, according to Stanislav Kuznetsov, "several hundred" employees are involved in providing information security in Sberbank.

Creation of a cyber defense center, entry into the information security services market

On October 13, 2016, Sberbank and the Russian representative office of Microsoft announced an agreement on the creation of a cyber defense center, with the help of which the bank intends to provide business with a range of information security services.

Partnership agreement in the field of information security with leading universities of the country

On July 15, 2016, Sberbank entered into an agreement on strategic partnership in the field of information security with Moscow State University, Bauman Moscow State Technical University, HSE, MIPT, MEPhI and Moscow University of the Ministry of Internal Affairs.

The agreement provides for specialized training of specialists for subsequent work at Sberbank, as well as joint research, educational and research projects.

"The development of information security systems is one of the most important areas of Sberbank's work," said Stanislav Kuznetsov, Deputy Chairman of the Management Board of Sberbank. "Strategic partnership with leading Russian universities will further strengthen our position in this area. In addition, we will help universities to create up-to-date information security training programs, and students to work on applied popular topics."

Sberbank has created a special subsidiary and a laboratory to strengthen cybersecurity

In June 2016, Sberbank spoke about the current results of its work to improve the level of information security in its organization. Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov noted that the number of cyber attacks and the volume of damage from them are growing in Russia and in the world. In 2015, Sberbank conducted a deep analysis of the information security situation, which showed that the bank needs to completely change its landscape and the configuration of its forces and means in order to counteract the existing volume of threats, he said.

According to Kuznetsov, based on this analytics and forecasts, Sberbank last year developed and approved the concept of cybersecurity. In 2015, the bank also implemented the first stage of creating a single operational center for information security (Security Operation Center, SOC). Within its framework, a system for managing all information security incidents (SIEM) was deployed. Sberbank records up to 1 million events per day that can carry information security risks. In SOC, all risks are promptly analyzed and prevented.

In the dispatch center of MegadPC Sberbank, Stanislav Kuznetsov demonstrated the operation of some systems of the bank's single SOC in real time. Sberbank prefers not to say where the SOC itself is located.
Sberbank's information security system calculates in real time the amount of embezzlement of funds from customer accounts prevented per day. By 13:00 on May 10, for example, more than 27 million rubles could have been stolen but were not.

The deputy chairman of the board chose not to disclose where exactly Sberbank's SOC is located, for security reasons. Sberbank is equally reticent about the solutions used in it. At the same time, Stanislav Kuznetsov told TAdviser that by the end of 2016 Sberbank plans to implement the second stage of work in the field of SOC. The project is called SOC 2.0.

"SOC 2.0 is a new level of information security risk management and removal of critical risks that Sberbank detects in the operation of any systems of the bank, including those used by customers," said Stanislav Kuznetsov.

He added that the project involves the introduction of a number of new systems that will identify and eliminate these risks. They will use developments in the field of Big Data technologies and, possibly, elements of artificial intelligence.

According to the deputy chairman of the board of Sberbank, in 2015 the bank spent a total of about 1.5 billion rubles on activities related to information security. He chose not to say yet how much will be spent for the same purposes in 2016. As of mid-year, according to Stanislav Kuznetsov, "several hundred" employees are engaged in information security at Sberbank.

As a continuation of the development of information security, in 2016 the bank founded a subsidiary company, "Safe Information Zone" (short name "Bison"), which will conduct activities in the field of information security. In particular, it will analyze the situation in the world in the field of cyber threats, test all Sberbank systems for vulnerabilities, and conduct expert assessments related to cyber risks. This company also provides support for the SOC, added Stanislav Kuznetsov.

Another element in Sberbank's cyber defense chain was the cybersecurity laboratory created by Sber Tech in 2016. The deputy chairman of the board of Sberbank explained to TAdviser that it will develop prototypes of information security solutions for subsequent use in the bank: "it will take some ideas and bring them to the level of a prototype." The creation of industrial solutions based on some of these prototypes and their implementation will subsequently be carried out by either Sber Tech or third-party contractors.

In the spring of 2016, Sberbank also sent a group of its experts to the United States to study the best foreign experience in countering cyber threats in financial institutions. To this end, they visited CitiBank, and also met with representatives of global IT vendors such as IBM, Microsoft, Dell and others.

IBM chosen as the developer of the Sberbank Information Security Center

At the end of December 2015, Sberbank announced a competition[15][16] to select consulting service providers as part of the development of a single information security operation center (SOC). The maximum contract price is 60.9 million rubles. The winner of the auction was IBM.

2014: Sberbank prevented embezzlement of RUB 2.9 bln from customer accounts

In the materials of the annual report published in May 2015, Sberbank spoke about the results of activities to ensure information security and counter fraud over the past year.

According to the bank, in 2014, 71 attempts to steal funds from legal entities and over 87 thousand attempts to steal funds from individuals were suppressed. The amount of prevented damage amounted to more than 2.9 billion rubles. Attempts at fraud in retail outlets accepting bank cards for payment through Sberbank payment terminals in the amount of about 0.8 billion rubles were also identified and prevented. Sberbank did not provide data on the volume of theft following the results of successful fraudulent operations.

In 2014, Sberbank installed more than 13,000 sets of active antiskimming equipment on self-service devices

The bank notes that in cooperation with law enforcement agencies last year, the activities of several cybercriminal groups carrying out mass attacks on the bank's customers were stopped, and the perpetrators were detained and brought to justice. One of these episodes was reported[17] in March 2014: then, with the support of Kaspersky Lab and Sberbank, a group of attackers was detained who had both organized the theft of funds from banks and carried out cyber attacks on legislative bodies. Then, according to Sberbank, the theft of "tens of millions of rubles" from the accounts of its clients was prevented.

In 2014, Sberbank also carried out planned work on the technical protection of self-service devices from skimming: the bank installed more than 13 thousand sets of active anti-skimming equipment and developed a procedure for the interaction of its divisions when checking reports of suspected skimming.

"As a result, we prevented 702 cases of skimming and seized 142 sets of skimming equipment, and the amount of damage from skimming prevented by us amounted to about 4.7 billion rubles," Sberbank states.

In 2014, to improve the security of the bank's information systems and protect customers' personal data, a system for preventing leaks of confidential information to the outside (DLP system) was introduced, and a certification audit of Sberbank's main processing center was conducted for compliance with the international PCI DSS (Payment Card Industry Data Security Standard). This standard is designed to ensure the security of processing, storage and transmission of payment cardholder data in the information systems of companies working with the international payment systems Visa, MasterCard and others.

An audit according to the same standard was passed in the Yandex.Money division, which became part of Sberbank in 2013. In addition, Yandex.Money in 2014 debugged the anti-phishing procedure and introduced a 24-hour video surveillance system in offices, according to the bank's reporting materials.

2013: Sberbank prevented damage from skimming operations of 5.6 billion rubles

In the corporate social responsibility report for 2013, published in June, Sberbank spoke about the results of its activities to ensure information security and counter fraud over the past year.

The document says that in cooperation with law enforcement agencies in 2013, members of two criminal groups that infected users' computers with malware were detained, including the developer of the Carberp banking Trojan himself.

Also last year, the first mass attacks by "modern mobile viruses" on customers using the Sberbank Online mobile application, as well as DDoS attacks on infrastructure by radical international hacker groups, were identified and prevented.

In 2013, fraud attempts at retail outlets accepting bank cards for payment through Sberbank payment terminals were identified and prevented in the amount of more than 1 billion rubles, and damage from skimming operations in the amount of about 5.6 billion rubles was also prevented, according to the bank's report.

Also in 2013, there was a fraud involving 5,000-ruble bills: through them, several million fake rubles entered the Sberbank system. In response to the fraudulent actions, security measures were strengthened: in particular, the bank's ATMs were converted for improved banknotes.

The report notes that last year Sberbank recorded four cases of disclosure of personal data of customers.

"All cases were local in nature and affected a very small number of customers. Nevertheless, we decided to improve the policy regarding the processing of personal data, involving employees from different departments in its development and including a number of additional protection procedures," the Sberbank report says. "Also, since 2013, regular inspections of premises have been carried out in territorial banks and additional measures have been taken to protect material carriers."

In 2013, we passed mandatory procedures for verifying the information systems of Sberbank Group subsidiaries. In particular, we certified information systems for compliance with information security requirements and obtained compliance certificates for 20 informatization objects.


Notes

  1. Sberbank in 2023 prevented the theft of almost 300 billion rubles of customer funds
  2. Sberbank spoke about the most powerful attack in history
  3. Sberbank stopped a large-scale attack from Ukraine on the cards of Russians
  4. First major success for a Fort Ross Ventures fund: IPO of Tufin Software Technologies Ltd takes place in US.
  5. Employees of the GUUR of the Ministry of Internal Affairs of Russia, together with colleagues from the regions, detained suspects in embezzlement of more than 122 million rubles from the accounts of bank customers
  6. Sberbank reported the most powerful DDoS attack in its history
  7. https://www.cnews.ru/news/top/2019-12-13_rossijskih_hakerov_posadyat Russian hackers
  8. imprisoned for 10 years for stealing 10 million from ATMs
  9. https://www.plusworld.ru/daily/cat-security-and-id/seriya-moshhnyh-ddos-atak-obrushilas-na-sberbank/ Deputy Chairman of the Board of Sberbank. A series
  10. powerful DDoS attacks hit Sberbank
  11. Sberbank saved 32 billion rubles of customer funds from cyber fraudsters
  12. "Dr.Web": More than 78 million rubles. Sberbank customers are under threat
  13. ISO/IEC 27001:2013
  14. Artificial intelligence helped Sberbank of the Russian Federation identify a new scheme for stealing money from ATMs
  15. http://zakupki.gov.ru/223/purchase/public/purchase/info/common-info.html?noticeId=3251016&epz=true&style44true&style44true&style44true Selection of Consulting Service Providers
  16. as part of the development of a single information security operation center
  17. FSB with Kaspersky caught hackers trying to rob Sberbank