As reported widely in Swedish media on Monday September 18, 2017 a criminal hackers league has been charged with one of the biggest IT-based frauds in Swedish history. What makes the fraud unique is the severity and extent of the attack; a group of eight criminal hackers from Sweden and Poland has stolen 40 million Swedish kronor from 60 companies, authorities and municipalities; among the victims are several Swedish financial institutions and a political party. The preliminary investigation has been limited to SEK 40 million due to the maximum sentence value, but the scam most likely vastly exceeds that sum.

How the fraud worked and could it have been prevented?

The attackers gained access to the organization’s user IDs and passwords as well as an understanding of how the organization communicates by utilizing malicious files and remote administration tools. This information was then used in the social engineering part of the scam. The add-on of social engineering added to the success rate where users were tricked into clicking on links and/or malicious files which enabled the attackers to gain full access and lateral movement within the victim’s networks.

With the access gained by the criminal activity, attackers were able to redirect significant amounts of products such as IT equipment to alternative addresses. The scam pivoted over time to also include actual changes in financial systems to redirect payments to alternative accounts, hence leapfrogging the logistics side, transferring cash directly to specified accounts.

Jesper Svegby, CEO of Bitsec, part of the European cybersecurity company Nixu, comments that the fraud wasn’t very sophisticated technically but it was advanced in terms of the large scale and strategy. In addition, the attacks evolved over time to generate even better outcome for the criminals, so there was a long-term characteristic involved in the attack that lasted over a long period of time.
According to Jesper Svegby the attacks could have been successfully prevented and stopped, which was the case in many instances. Operations that had on-site control features to prevent malicious code and limited access to remote software had better chances to resist the criminal attack. Furthermore, businesses with a higher security awareness and incident readiness had better capabilities to identify the incidents, respond to them and mitigate them.

Cybersecurity calls for new approach throughout the society

The fraud is setting a new trend in terms of IT related crime, two worlds are converging which has created a significant impact. General company based fraud generating revenue through fake invoicing, tax fraud has in this case been merged with the IT-based crime scene by utilizing malware and weaknesses in systems and procedures to gain access to sensitive systems. The combination has enabled the perpetrators to manage the entire chain in the fraud in a very efficient and scalable manner.