THE HAGUE (Reuters) - Banks, rather than their customers, are increasingly the main target of online thieves, Europol director Rob Wainwright said on Friday in an interview.
“That has been an important change,” Wainwright told Reuters after a conference on cyber security in The Hague.
He said the hacks were remarkable in terms of “the level of sophistication, in terms of the malware that’s being used, and in terms of the sophisticated social engineering to identify the most important personnel among the banks’ employees”.
He cited several cases that have been reported in the media, but said many more were never made public.
“Now that’s dangerous because in those cases it led to millions of losses, multi-million losses. But it also shows a level of capability that is getting higher all the time, and perhaps runs the risk of outstripping the ability of the banks to deal with it,” he said.
“It is raising serious questions about, even, about the health of the financial services industry.”
He said the number of “kingpins” behind hacking attacks on banks was more than 100 and fewer than 1,000. Most came from Russia or Ukraine.
“Certainly, in terms of the banking trojans, we say its ostensibly a Russian-speaking problem,” he said, referring to “trojan” attacks in which thieves trick users into installing malicious software on their computers.
He said banks needed to improve their defenses, especially by understanding which employees were most vulnerable to attack and which in turn had authority over vital infrastructure, he said. Police were also looking at new ways to respond.
Criminals’ infrastructure is “very dependent on their code writers and they are not infinite in number”, he said, implying that police are especially devoting resources to identifying the creators of malware.
Editing by Andrew Roche