{"id":24131,"date":"2022-02-18T20:13:04","date_gmt":"2022-02-18T20:13:04","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/threat-intelligence-latam-bank\/24131\/"},"modified":"2022-02-18T20:13:04","modified_gmt":"2022-02-18T20:13:04","slug":"threat-intelligence-latam-bank","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/threat-intelligence-latam-bank\/24131\/","title":{"rendered":"Attack on a bank in Latin America"},"content":{"rendered":"<p>For many companies, \u201cthreat intelligence\u201d means only indicators of compromise data and information on specific cybercriminal tools. But in fact, <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/threat-intelligence\/\" target=\"_blank\" rel=\"noopener\">threat intelligence<\/a> implies a much deeper knowledge about threat actors, including tracking their activity on the network. Sometimes this information allows you to not only to get an idea of the criminal methods and tactics, but also to prevent a cybercrime. A vivid example is the recent case of a Latin American country\u2019s central bank.<\/p>\n<h2>What happened<\/h2>\n<p>While studying cybercriminal activity, our experts learned that one group managed to access the bank\u2019s network. Investigators immediately notified the victim, contacted Interpol and jointly conducted a thorough investigation into the incident. As a result, they managed to eliminate vulnerabilities in corporate infrastructure and prevent real financial losses. Unfortunately, we \u0441annot share the details of the incident and describe how the attackers penetrated the bank\u2019s network.<\/p>\n<h2>How our experts managed to detect the activity of intruders<\/h2>\n<p>Not all cybercriminals are responsible for a full attack cycle \u2014 from initial studying the target to the final move (which is usually data or money exfiltration, or ransomware infection). There are groups that specialize exclusively in gaining access to the infrastructure of companies: having successfully penetrated the network, they try to sell access to those who can organize an attack on the dark web or on hacker forums. Moreover, there are so-called Initial Access Brokers that buy access and then resell it to other cybercriminals.<\/p>\n<p>While studying the activities of completely different criminals, our researchers discovered that someone is looking for partners to attack the bank in order to perform some kind of cyberfraud. They shared some information as a proof of access to the bank\u2019s infrastructure, and it helped our experts to identify the victim and prevent the crime.<\/p>\n<h2>How threat intelligence can help a particular company?<\/h2>\n<p>In this case our experts were not searching for signs of an attack on a particular bank. This bank wasn\u2019t even our client. However, our instruments can allow you to track threats for a specific organization. Our <a href=\"https:\/\/www.kaspersky.co.uk\/enterprise-security\/threat-intelligence?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Threat Intelligence<\/a> portfolio includes a Digital Footprint Intelligence service that allows you to create a dynamic \u201cdigital portrait\u201d of an organization, and then to track dangerous symptoms through open sources on the dark web and deep web. Sometimes this allows you to prevent quite serious cyber incidents.<\/p>\n<p>In addition, to protect against sophisticated attacks, we recommend using services such as <a href=\"https:\/\/www.kaspersky.co.uk\/enterprise-security\/managed-detection-and-response?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Managed Detection and Response<\/a>. It allows your cybersecurity team to employ the help of external experts to detect and stop complex attacks on company infrastructure at an early stage.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"mdr\">\n","protected":false},"excerpt":{"rendered":"<p>How threat intelligence helps prevent cyberattacks on enterprises.<\/p>\n","protected":false},"author":2581,"featured_media":24132,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1836,2360],"tags":[312,472,2904,2030],"class_list":{"0":"post-24131","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-attack","10":"tag-banking-threats","11":"tag-mdr","12":"tag-threat-intelligence"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/threat-intelligence-latam-bank\/24131\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/threat-intelligence-latam-bank\/23916\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/threat-intelligence-latam-bank\/19403\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/threat-intelligence-latam-bank\/9760\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/threat-intelligence-latam-bank\/26167\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/threat-intelligence-latam-bank\/23940\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/threat-intelligence-latam-bank\/26938\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/threat-intelligence-latam-bank\/26478\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/threat-intelligence-latam-bank\/32408\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/threat-intelligence-latam-bank\/10532\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/threat-intelligence-latam-bank\/43722\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/threat-intelligence-latam-bank\/18572\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/threat-intelligence-latam-bank\/19025\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/threat-intelligence-latam-bank\/15815\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/threat-intelligence-latam-bank\/28204\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/threat-intelligence-latam-bank\/28129\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/threat-intelligence-latam-bank\/24843\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/threat-intelligence-latam-bank\/30259\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/threat-intelligence-latam-bank\/30038\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/threat-intelligence\/","name":"threat intelligence"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=24131"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24131\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/24132"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=24131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=24131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=24131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}