Date: 2018-06-10
Hackers Crashed a Bank's Computers While Attempting a SWIFT Hack (bleepingcomputer.com)
An anonymous reader writes: Hackers have used a disk-wiping malware to sabotage hundreds of computers at a bank in Chile to distract staff while they were attempting to steal money via the bank's SWIFT money transferring system. The attempted hack took place at the end of May when hackers wiped the HDD MBR of over 9,000 computers and over 500 servers. Fortunately the hackers failed to steal money from the bank (an estimated $11 million). This is the same hacker group who failed last month when they tried to steal over $110 million from a Mexico bank. Further reading: Ripple and SWIFT slug it out over cross-border payments.
They may have not gotten the $11M for themselves but if they really crashed out 9,000 desktops and 500 servers I would bet the overall damage is actually much more than $11M.
No, restoring those systems won't cost that much unless its IT dept were total idiots.
I don't know why this is modded down, because it's correct.
Like many here, I worked in IT. I'm retired.
During my career, I made best practice recommendations that were obvious to the most casual observer.
However, the business side did (faulty) risk assessment and declined to budget for security and clever backup systems.
While I seldom had to rely on backup, we were hacked several times because, for example, the fucking owner fell for, "Your UPS package isn't going anywhere until you click on this link," and
If it was truly only the MBR that was wiped, it wouldn't take THAT much to restore. You could easily create a bootable CD/USB drive with a small script to write out the first sector of the only attached HDD. Considering the quantity of machines, odds are they're mostly the same and had a standard drive image applied to all of them. The MBR is just a basic list of drive/partition geometry information, which is most likely the same across a vast majority of machines in the corporate world like this.
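An added illustration of the comment above, not code from the thread or from the bank's responders: a Python sketch that decodes sector 0, classifies it as wiped, damaged or intact, and checks that a reference MBR's partition table matches the layout recorded for a machine before it is used for a restore. The sample sector and the recorded layout are constructed, and the function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature and the non-empty primary partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # byte 0: boot flag, byte 4: type, bytes 8-11: start LBA, 12-15: length
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                               "start_lba": start_lba, "sectors": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "partitions": partitions}


def triage(sector: bytes) -> str:
    """Classify sector 0 read from a disk image or device."""
    info = parse_mbr(sector)
    if not any(sector):
        return "wiped"      # every byte is zero
    if not info["signature_ok"] or not info["partitions"]:
        return "damaged"    # overwritten with non-zero data or table lost
    return "intact"


def safe_to_restore(reference: bytes, recorded_layout: list) -> bool:
    """Accept a reference MBR only if its table equals the recorded layout."""
    ref = parse_mbr(reference)
    table = [(p["type"], p["start_lba"], p["sectors"])
             for p in ref["partitions"]]
    return ref["signature_ok"] and table == recorded_layout


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS-type partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"  # placeholder for boot code
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    sector[510:512] = SIGNATURE
    return bytes(sector)
```

A reference sector that fails `safe_to_restore` should not be written to that machine, since restoring a partition table that does not match the disk leaves the data unreachable.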
If they were real hackers then they wouldn't have wiped the drive MBRs but merely replaced the HDD/SSD firmwares with hacked ones that gave them a nearly undetectable backdoor to the bank. Seriously, if you are going to steal millions then you should at least make an effort to do it properly. -_-
I'm not sure they qualify as "hackers" - I understand one quality of a hacker is the ability to get in and out without being detected. Perhaps we need a name for ridiculously inept cybercriminals; Boofheads, for example.