The ALPHV ransomware gang shows no mercy to victims who refuse to pay. The Swiss asset manager Finaport has found that out the hard way.
On February 5, the Internet extortionists published a large amount of data on their Darknet leak page, which they claim to have stolen in a hacker attack: according to the information on the Darknet, it amounts to 1.2 terabytes.
When Watson made the hacker attack and the associated data leak public on Feb. 7, we wrote about a potentially serious ransomware attack. Our research shows that there is cause for concern for high net worth clients, but also for business partners and banks at home and abroad.
Watson has taken legal advice and is refraining from detailed coverage of the leak, because since 2015 Swiss journalists have faced the threat of criminal prosecution if they write about leaked bank details.
Below, the Watson editor addresses the key questions relevant to the public, and the company in question gives its position.
Why is Watson reporting the case again?
Because of the potential scope.
Finaport’s LinkedIn page states:
The company’s website has not been publicly accessible for more than a week after the cyber-attack became known. And neither on LinkedIn nor on any other platform does the company provide information about the data breach.
For Watson, the question arose whether the persons and institutions affected by the leak at home and abroad had been warned, and whether they are aware of the risks they now face: sensitive information can quickly fall into the wrong hands, and it is feared that it will be used for further, targeted attacks.
As Finaport’s general manager, former UBS banker Fabian Jenny, explains to Watson, the company has stepped up its crisis communications.
An initial statement said that “the central customer databases of the Swiss and Liechtenstein business units” were not affected. The company stands by this statement.
When asked, Finaport’s CEO explains:
What makes the attackers so dangerous?
The ransomware gang behind the “successful” hacking attack on Finaport has repeatedly made headlines for its insidious approach.
ALPHV is one of the most active and dangerous groups offering “ransomware as a service” (RaaS). Its leaders are said to be based in Russia and to work only with Russian-speaking “partners”, a senior figure in the group said in an earlier interview.
In May 2022, the hackers almost completely paralysed the Austrian state of Carinthia. All public administration IT systems had to be shut down, and emergency operations were run for days to keep essential services going.
ALPHV not only has the know-how and tools to move unnoticed in other people’s networks for a long time, steal as much valuable data as possible and then paralyse the systems with malware. The gang also tries to harm victims who refuse to pay as much as possible.
Captured data is not simply made available as compressed archives via a link on the Darknet. Alongside the normal leak site, where the criminals pillory their victims, they operate a searchable online archive with a powerful search function. There, the data can be searched by file type and content.
The criminals themselves announced in 2022 that they were introducing this advanced search feature to make the data stolen from third-party servers “more useful to the cybercriminal community”.
Which Finaport customer data did the criminals leak?
Watson is not allowed to say anything about this because of the “muzzle article” of the Swiss Banking Act mentioned above. Even doing the research is legally difficult territory.
Finaport confirmed to Watson that in addition to the Zurich headquarters, the Singapore branch was also affected. Our research shows that the “data outflow” is likely to affect many other countries as well.
Notably, when they “looted” the Finaport servers, the hackers also stole the Outlook mailboxes of current and former employees. The leaked mail backups may also contain sensitive data.
As for the company’s wealthy clients, we cannot go into detail. This much can be said: it concerns financial institutions around the world, including well-known private banks and big banks in this country.
Finaport assures that all customers have been made aware of the cyber attack. But:
How did the company inform those affected?
Employees, business partners and customers were informed “in direct, personal contact”.
Finaport told Watson:
“Our employees have been informed about the outflow of personal data relating to them. We have also informed them about the possible dangers that such a data breach may entail for them personally, and about safe behaviour practices following such an attack.”
However, the company decided not to inform the public via its own LinkedIn company page or any comparable platform.
How was such a massive cyber attack possible?
Finaport explains:
“The extensive analysis, by a specialist company commissioned by our cybersecurity company, of the attack methods used, the exact working methods of the perpetrators and, in particular, the methods and techniques used to leak data has not yet been completed. We expect the corresponding report in the coming days.”
The lessons learned from this are being “shared with stakeholders, business partners and regulators”.
The existing defence measures against cyber attacks have been amended and supplemented in many respects.
What are the consequences of the case?
The effects of the cyber attack cannot yet be gauged.
The federal regulator, the Swiss Financial Market Supervisory Authority (FINMA), cannot comment on individual cases, a spokesperson told Watson.
Director Fabian Jenny explains:
Finaport has recovered from the attack and, with the exception of the company website, is “fully operational again at all levels”. But handling the incident will take some time.
• Supervised Swiss financial institutions must present a concept for dealing with the threat of cyber-attacks and for protecting their systems and services against such attacks.
• The defence concept must show how risks are identified, how attacks are quickly recognised and responded to, and how normal business operations are restored after any disruption.
• In addition, banks are required to conduct regular vulnerability analyses and penetration tests. This is meant to ensure that the protection measures against cyber-attacks remain “up to date”.
According to the Banking Act (BankG), a bank is “anyone who is mainly active in the financial sector and accepts public deposits in excess of one hundred million francs on a commercial basis, or publicly advertises for them”.
Sources
- tagesanzeiger.ch: Global criticism of Switzerland’s handling of press freedom (February 2022)
- finma.ch: FINMA publishes Circular “Operational Risks and Resilience – Banks” (December 2022)
Source: Watson

I’m Ella Sammie, an author specialising in the technology sector. I have been writing for 24 Instant News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.