Yet another revelation of hackers' attacks on banks serves to highlight the scale of the threats faced by wealth management from computer criminals.

Banks in Russia, Eastern Europe and the US have been hit by a group of cyber-criminals stealing millions of dollars over a period since late 2013, media reports said.

The gang, said to be Russian-speaking, has hit a number of financial institutions although the exact number is unknown, reports, which cited a Russian computer-security firm called Kapersky Lab ZAO, said. That firm’s website made no mention of the issue that this publication was able to identify; this publication is contacting Kapersky Lab ZAO for comment.

If confirmed, the report highlights how cybercrime has become a major headache for banks, including those catering to the wealthy, where privacy around financial information is understandably a concern. (To view a feature article exploring the issues, see here.) Last year, JP Morgan confirmed that millions of account details had been affected by hackers although no evidence was found of actual thefts.

"Cybercriminals have got the infection-to-cash cycle down to a fine art, proving crime does pay when the victim's perimeter can be bypassed and systems manipulated at will,” Mark Bower, vice president, product management at Voltage Security, a tech firm, said in a note about the latest revelations.

“Today, there are few defences against this level of attack sophistication - but new methods have emerged to fight back, especially data-centric security which works by making stolen data completely useless to the criminal who steal[s] it. If the data driving transactions, ledgers, and balances is encrypted at the data field level with modern format-preserving encryption methods, as opposed to the storage level encryption which does not mitigate these threats, the data can be securely armoured so that data tampering without invoking multiple alarms or errors when it is manipulated is practically impossible,” he said. Bower said some “leading banks” are using such techniques already.

Briefings
Some US financial services executives have been briefed on the latest findings, according to the Wall Street Journal. US government officials were aware of the report on Sunday last weekend, though some said they were sceptical about how much money may have been lost at US banks.

The WSJ report said the location of the hackers is unclear. Some of their servers are based in China and some of their Web domains appear to be registered to Chinese nationals, the report says.

“Whatever technologies these banks were using to protect themselves failed. It’s time to look for new technologies,” Amichai Shulman, chief technology officer of Imperva, an IT firm operating in this space, said in a note.

“Such an operation resulted in countless acts of internal credential theft and explorations within the bank network. Clearly setting up traps within end stations would have triggered multiple alerts over time. Organisations must deploy this new technology. The operation involved multiple[s] that are `unnatural’ or `rare’ in normal operations such as `tricking’ the balance of accounts. Clearly it is impossible to scrutinise each and every such operation. Thus a technology that looks at the aggregate effect of such operation over time is something required in today’s landscape,” Shulman said.