A deep dive into the most interesting incident response cases of last year

In 2023, Kaspersky’s Global Emergency Response Team (GERT) delivered incident response services around the world, which gave our experts insight into the threats and techniques used by APT groups, common crimeware and, in some cases, internal adversaries. As we highlighted in our annual report, the most prominent threat in 2023 was ransomware, and the Government vertical was the sector that most frequently requested digital forensics, incident response and malware analysis (DFIRMA) services. While file encryption was the most common threat last year, this post takes a deep dive into specific cases that caught our attention and were mentioned during our annual DFIRMA report webinar.


The insider fraud attack



A group of colluding employees at a government organization identified an internal service that allowed them to create legitimate-looking transactions. These were not direct money transfers, but they could still cause monetary losses for the organization, potentially reaching millions of dollars.


The following scenario (not related to a specific customer) could be considered an example of such misuse of an internal service:


A bank only allows a customer to open a maximum of two bank accounts for free, with the customer paying a fee to open additional accounts. However, the insiders used the internal service to create additional accounts for individual customers without charging the fee, in exchange for a payment from the customer to the insider. As a result of this incident, the organization reported a loss of more than $20 million.
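One way to surface this kind of misuse from application audit logs, as an added example that is not part of the original post and not a Kaspersky or GERT tool: replay account-creation events in timestamp order, treat the first two accounts per customer as legitimately free, and flag any later account created with no fee recorded. Aggregating the flagged events by the operator who performed them points at the insiders. The log format, field names (`operator`, `customer`, `fee_paid`), the two-account policy and all sample records below are constructed assumptions for illustration, not data from the case.

```python
"""
Hypothetical fee-evasion detection over back-office audit logs.
All log lines are constructed for this example; the field layout is an
assumption, not the format of any real banking system.
"""
import csv
from collections import Counter
from io import StringIO

# Assumed policy from the scenario: the first two accounts are free.
FREE_ACCOUNTS_PER_CUSTOMER = 2

# Constructed sample audit log (CSV): one row per account-creation event.
SAMPLE_LOG = """\
timestamp,operator,action,customer,account,fee_paid
2023-03-01T09:00:00Z,op_alice,ACCOUNT_CREATE,C1001,A1,0
2023-03-01T09:05:00Z,op_alice,ACCOUNT_CREATE,C1001,A2,0
2023-03-01T09:10:00Z,op_bob,ACCOUNT_CREATE,C1001,A3,1
2023-03-02T10:00:00Z,op_mallory,ACCOUNT_CREATE,C2002,A4,0
2023-03-02T10:01:00Z,op_mallory,ACCOUNT_CREATE,C2002,A5,0
2023-03-02T10:02:00Z,op_mallory,ACCOUNT_CREATE,C2002,A6,0
2023-03-02T10:03:00Z,op_mallory,ACCOUNT_CREATE,C2002,A7,0
2023-03-03T11:00:00Z,op_mallory,ACCOUNT_CREATE,C3003,A8,0
2023-03-03T11:01:00Z,op_mallory,ACCOUNT_CREATE,C3003,A9,0
2023-03-03T11:02:00Z,op_mallory,ACCOUNT_CREATE,C3003,A10,0
2023-03-04T12:00:00Z,op_bob,ACCOUNT_CREATE,C4004,A11,0
2023-03-04T12:30:00Z,op_bob,PASSWORD_RESET,C4004,A11,0
"""


def parse_log(text):
    """Parse the CSV audit log into dicts; fee_paid becomes an int flag."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["fee_paid"] = int(row["fee_paid"])
    return rows


def unpaid_excess_events(rows, free_limit=FREE_ACCOUNTS_PER_CUSTOMER):
    """Return the account-creation events that exceeded a customer's free
    allowance and were created without a fee.

    Events are replayed in timestamp order so that the first `free_limit`
    creations per customer are treated as legitimately free regardless of
    the order in which rows appear in the export.
    """
    seen_per_customer = Counter()
    flagged = []
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        if row["action"] != "ACCOUNT_CREATE":
            continue  # only creations consume the free allowance
        customer = row["customer"]
        seen_per_customer[customer] += 1
        if seen_per_customer[customer] > free_limit and row["fee_paid"] == 0:
            flagged.append(row)
    return flagged


def by_customer(flagged):
    """Count unpaid excess accounts per customer (who benefited)."""
    return dict(Counter(e["customer"] for e in flagged))


def by_operator(flagged):
    """Count unpaid excess accounts per operator (who performed them).

    An operator with a disproportionate share of these events is the lead
    for the insider investigation; a single outlier is not proof on its own
    and still needs corroboration from access and payment records.
    """
    return dict(Counter(e["operator"] for e in flagged))


if __name__ == "__main__":
    events = unpaid_excess_events(parse_log(SAMPLE_LOG))
    print("flagged events:", [(e["customer"], e["account"], e["operator"]) for e in events])
    print("per customer :", by_customer(events))
    print("per operator :", by_operator(events))
```

Customer C1001 is not flagged because its third account carries a fee, and the non-creation event for C4004 is ignored; everything that remains was created by a single operator. In a real engagement the same aggregation would be run against the application's own logs and cross-checked against the fee ledger, since a missing `fee_paid` flag can also come from a legitimate waiver or a logging defect.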


Many logs related to the appl ..
