Credit Bank of Moscow is a universal commercial private bank offering a full range of banking services to corporate and private clients, as well as to financial and credit institutions. The Bank is included in the list of systemically important credit institutions
approved by the Bank of Russia.

The Bank was founded in 1992. It is the second largest private bank in terms of asset volume at the end of the second quarter of 2021 (Interfax-100 ranking data). It’s reliability and stability are confirmed by ratings from leading Russian and international agencies: «A» (RU) from ACRA, «ruA+» from «Expert RA», «Ba3» from Moody’s, «BB» from Fitch, «BB» from S&P, «A+.ru» from NKR. The Bank was the first Russian bank to receive an ESG rating of BBB [esg] from RAEX Europe. The Bank has over 7 thousand payment devices (united network of the bank and Elecsnet) across Russia.

The banking system is one of the most popular targets for cyber attacks by hackers. This is facilitated by the potentially large financial gain and the heterogeneity of the banks’ infrastructure, which provides a large number of entry points and attack vectors. Attackers use many different methods: from BEC attacks (attacks that compromise corporate email), phishing, and ransomware that encrypts data, to direct interaction with endpoint devices such as ATMs and terminals.

Due to the isolated location of many endpoint devices in communities and retail locations, cybercriminals can access them to install malware or devices that read user card data, initiate ATM withdrawals or conduct bogus card recharge transactions by attackers. Given the overall high level of such threats on the Russian market, Credit Bank of Moscow decided to increase the level of protection of its ATMs and terminals from the introduction of malicious software and attempts to connect and use unauthorized peripheral USB equipment as part of its overall risk minimization strategy. The Bank also faced the task of ensuring the risk level compliance with the requirements of its internal documents and state regulators.

To solve these problems, Credit Bank of Moscow performed its own comparative evaluation of all the solutions presented on the market — from the offers of ATM and terminal manufacturers to specialized products of leading companies in the field of cyber security. The choice was made in favor of Trend Micro solution because it allowed for an isolated environment in the field, i. e., to limit as much as possible the influence of hacker interference on the devices that are relatively freely accessible, such as ATMs outside bank branches.

Based on the results of evaluation and testing, which took place throughout 2018 on the Bank’s standard devices, the Bank chose the Safe Lock solution. It was first deployed to the Bank’s network of ATMs and terminals in early 2019 and has been used continuously since then to protect them from malware.

Safe Lock is Trend Micro’s malware intrusion and execution prevention solution for multiple devices and Industry 4.0 environments. Thanks to its support of unique technologies, Safe Lock allows you not to use separate anti-virus software and does not require frequent changes or updates of the devices’ software environment. Safe Lock creates an isolated environment by restricting the functions and resources available on the device with the help of whitelisting to ensure that it is used strictly for the purposes specified by the customer. Files controlled by Safe Lock include .EXE, .DLL, driver and script files. The solution features fast deployment and supports integration with other Trend Micro products, including Portable Security. Another advantage of Safe Lock is its minimal effect on the device performance, which is especially important when used in environments with low computing power.

"We were able to reduce the risks of malware infiltration of ATMs and terminals by creating an isolated environment, developed proprietary “safelists” to limit access to their functions, and ensured regulatory compliance."

Vyacheslav Kasimov
Director of the Information Security Department,
Credit Bank of Moscow

By implementing Trend Micro Safe Lock, the Bank was able to reduce its security management costs, increase its efficiency and compliance levels, and protect its infrastructure from cybercriminals. The solution allows running only bank-approved programs and features on the ATM network and does not affect the infrastructure performance. In the course of Safe Lock’s operation, all major features of the solution are used, including anti-malware protection with reputation checking, integrity control and application startup monitoring, as well as log checking capabilities. The software is currently being integrated with the Bank’s SOC.

Credit Bank of Moscow continues to expand Safe Lock’s functionality in cooperation with the Trend Micro’s support team. Currently, the new Trend Micro TXOne StellarEnforce software is being tested.