Czech financial institutions were facing cyberattacks. Fatal damage was prevented by CDC experts
1/27/2020
Czech financial institutions were facing cyberattacks. Fatal damage was prevented by CDC experts

AEC Cyber Defense Center successfully eliminated phishing attacks on Czech financial institutions lead by hacking groups Cobalt Group and TA505. Our specialized cyber defence centre has been providing comprehensive, efficient, and at the same time affordable outsourcing services to large, medium, as well as small companies.

At the end of last year, our Cyber Defense Center (CDC) managed to detect and stop execution of several sophisticated attacks aimed at gaining access to accounts of the invaded local financial institutions and siphoning off the finances deposited there.

The centre subsequently provided reports on the attacks including the detailed indicators of compromise (IOCs) not only to the AEC clients and customers, but to other companies as well. "Usually, we offer these services exclusively to our clients. The reason for this exception was that any attack by hackers from the Cobalt Group, or TA505, respectively, could be fatal for the unprotected companies, " said Tomáš Filip, Head of CDC.

The companies' representatives acknowledged the decision and willingness of CDC to share the acquired data with deep gratitude and appreciated both the readiness and quality of the work done by the experts from the centre, as well as the provided reports as highly informative.

"In case of the hackers called Cobalt Group, the attack was executed by abusing accounts belonging to a local telephone operating company. These accounts were used for sending credible messages looking as a reminder for the payment of a fictitious invoice and after it was opened, the attacker was able to gain control of the infected computer and spread further over its network," stated Tomáš Filip.

The attacked institution strived to solve the problem on its own but was getting itself into an increasingly arduous situation. At a critical moment, it asked CDC for help. It took less than two hours for the called up expert to uncover the attack and to identify the attacker. After implementing the appropriate tool, the CDC staff took over the activity, began to control every single attacker's step and in the end, eliminated all his efforts.

According to Tomáš Filip, the amount and intensity of the currently detected attacks is bad news for the local companies: "Incidents multiply by order, therefore, it is evident that the Czech Republic and the companies operating here have already become extraordinarily interesting and completely regular targets for these groups. And this was not the case, until recently."

According to him the problem lies in the fact that while the severity and increasing number of cyberattacks are fundamentally changing the environment in the Czech Republic, companies are still trying to brave the dangers with their own limited forces.

"Prevention in the form of active expert supervision is definitely worth the costs for the companies today. This way, the certainty that an attack shall be fended off right in the beginning is the greatest," pointed out Tomáš Filip, while adding that this was the exact scenario in case of the TA505 hacking group's attack on the client. He also added: "But by counting on the fact that you will be able to find a top-class expert on the market available to immediately dedicate his time to your company in the moment of dire straits, you are taking a great risk – either of failure, or that it will take longer than you can afford at such a critical moment."

CDC started to operate about half year ago as a competence centre in AEC, a company firmly established on the market. It aims to provide its clients with cyber protection by monitoring their system and real-time responses to any potential incidents. Over this time, the centre has managed to avert a number of attacks led on an increasing number of its clients as well as on the companies that became customers of the centre only after they were forced to make this decision due to circumstances.

"The key fact is that the highly efficient services provided by CDC are available at a reasonable price to everyone regardless of their situation, also due to its direct connection to the capacities provided by three divisions of the parent company AEC. The main advantage for our clients is that as soon as we spot any issue at one of our customers, we begin an intensive watch over everybody else with help of all available tools and data, be it current or acquired in the past," concluded Tomáš Filip, Head of CDC.

CDC reporty Cobalt Group a TA505