Ryanair robbed of £3.3m – but what can the industry take from this latest high-profile hack?
Ryanair has today confirmed that a fraudulent electronic transfer via a Chinese bank resulted in the theft of £3.3m from one of its company accounts.
Following the discovery of the fraud last Friday, Ryanair reportedly asked the Criminal Assets Bureau in Dublin for help in getting the stolen funds returned via counterpart agencies in Asia.
The budget airline said in a statement to the Irish Times: "Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week.
"The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen.
"The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur."
With little information given about who was behind the hack or how the scam was operated, CBR has turned to industry experts to outline the many lessons that can be learnt from this cyber theft.
1. Do not underestimate the hustler
Catalin Cosoi, Chief Security Strategist at Bitdefender, said: "This latest hacking scam serves as a perfect reminder of just how skilled and motivated cyber criminals are, especially when large amounts of money are involved.
"The fact that large companies are now targeted should indicate that cybercriminals have upped their game and are more interested in going for big scores. If end users were the primary sources of income until now, we might be witnessing a paradigm shift in how these online "hustlers" operate."
2. Focus is now on the big bucks
Aleks Gostev, Chief Security Expert at Kaspersky Lab GReAT Team, said: "The days when cybercriminal gangs focused exclusively on stealing money from end users are over.
"Criminals now attack businesses directly because that’s where the big money is. We don’t have specific technical details about the cyberattack on Ryanair or about how the money was actually stolen, but, based on our experience, fraudulent electronic transfer via a bank is a realistic scenario.
"In February this year we reported on the "Carbanak" cyberattacks that included financial institutions worldwide among its targets and resulted in the theft of up to one billion US dollars – some of it transferred to banks in China as well. For business sectors other than financial services, the attackers could probably transfer money to fraudulent accounts through online-banking or E-payment systems."
3. Cybercrime is changing – intel must be shared
Alan Carter, Cloud Service Director at SecureData said: "I wonder if it is a hack in the traditional sense? With little information about what happened, it is quite conceivable that this was an inside job, or carried out by someone who knows their systems intimately.
"When we speak of hacking we generally mean people breaking into computer systems, is this just a modern method of breaking into banks? I certainly think so and it is a lot easier than spending a bank holiday weekend drilling into safety deposit boxes in Hatton Garden with pretty much no risk of getting caught.
"I think this is the way the criminal element is moving, away from street crime, burglary etc. and other forms of ‘traditional’ stealing due to the huge rewards and minimal risk. If indeed the money was transferred to China, then the chances of finding the culprits are pretty slim.
"It also shows the need for an obligatory reporting system in the case of cybercrime, if we do not share details of attacks and breaches with other businesses, then how can we and the security industry at large learn and understand from them? I suspect very few businesses would cover up a physical attack on their infrastructure, so why do they do it for a cyber attack?"
4. CSOs: Recognise your responsibility
Rob Norris, Director of Enterprise & Cyber Security Fujitsu UK&I, said: "As the sophistication of security threats continues to increase, it has never been more important for organisations to have the appropriate tools and services in place to protect themselves from fraud.
"The amount of data and confidential information that is transacted every day, coupled with the growth in reliance on digital services, means that many businesses are at risk – making them an easy target in the eyes of a cyber-criminal.
"Organisations can no longer afford to make mistakes in security and should look to make fraud security part of their security programme. By communicating from the top down what cyber security means to their business, CSOs can help all employees to recognise their responsibility in ensuring the company is adequately prepared to manage threats.
"As well as this, CSOs should act as the "business enabler" by making sure that business runs as usual and everything is secure by default."
5. Loose ends must be cleaned up
Chris Sullivan, VP Advanced Solutions at Courion, said: "Organisations should be deploying identity analytics and intelligence solutions that will allow them to clean up loose ends like abandoned accounts or orphan accounts that have no administrative oversight, or those accounts that have more access rights than are really warranted.
"More importantly, identity analytics can enable an organization to continuously monitor for unusual access behavior within privileged accounts so that a hacker, once in, can be detected more quickly and hopefully stopped in his tracks.
"To this point, the Verizon DBIR stated that "75 percent of detection took weeks," and "We need to close the gap between sharing speed and attack speed." I couldn’t agree more with the latter."