IT security in the Financial Sector

Neehar Pathare, Vice President Information Technology, Financial Technologies (India) | Monday, 09 October 2017, 06:38 IST

As we move ahead from a busy May, which kept us all occupied keeping ‘WannaCry’ at bay, we look back upon the world statistics of the attack and wonder whether the measures we have implemented are holding the attackers back or whether it is pure luck. It is always a relief that the most dreaded call from a team member, “We are hit!”, was not received. However, there is something inside us that silently keeps alive the fear of when we are going to be next.

Although we read numerous articles on IT security day in and day out, I am sure the facts below will raise a brow. As the global economy grows exponentially, so does cyber-crime.

The Financial Services Sector is the most targeted sector by cyber criminals and will remain so.

Statistics of Present Attacks

Every day, 300,000 unique malicious objects… that’s right, every day.

Cybercrime costs the world $400 - $500 billion per year (*Lloyds Insurance and Juniper research).

The Bangladesh Bank heist: Stolen: $81 Million (4 orders). Blocked because of a typo (Fandation): $870 Million (31 orders). One could say the most expensive typo in human history.

The Carbanak attack: $1 Billion. The most sophisticated attack known to date, in which hundreds of bank machines were infected and the banks’ entire intelligence was slowly harvested. This was followed by mimicking the staff to transfer funds to fraudster accounts, e-payment systems, inflating accounts and, finally, ATMs were made to dispense cash at a predetermined time.

Share of these on the financial sector:

• 30% of all cyber-attacks happen on banks and this is increasing.

• After demonetization, there are a number of reports pointing to a surge in cybercrimes related to One Time Password (OTP) fraud, as well as the sprouting of malicious mobile applications.

• Banks are targeted for their customers’ online credentials, and their internal networks for SWIFT transfers and ATM heists.

Modus operandi:

• Penetration test and vulnerability test reports are the easiest way to understand where a company is vulnerable, and these reports are the most sought after on the dark net.

• LinkedIn profiles of IT team members usually broadcast what their primary areas of responsibility are, and hackers can narrow down on them, knowing exactly whom to target.

• USB pen drives containing malware are known to be thrown around the parking lots of companies to be attacked; an employee brings one into the office and tries to check it. Although USBs are usually blocked for all employees, it is a different story if the USB is found by an administrator, who usually has access to them.

• Well-known legitimate companies in the software business usually distribute their updates through FTP. These are now known to be compromised, with infected files placed on them that a customer believes to be a legitimate download from a trusted source.

• Mobile malware from the application store (Google Play)

Shift of attacks from Banking to Retail / Institutional Investors and Depositories

The latest attacks are now seen on trading software, depositories and investment institutes, as these are classified as big targets. Most trading software runs on Windows, and once malware has compromised security, it gains access to the trading software (buying and selling at will).

HFT (High frequency trading) robots are stolen and modified for market manipulations.

A Russian bank, Energobank, had 6 malicious trades, resulting in a 10% fluctuation of the USD to the RUB in 5 minutes, which left the bank with a $50,000,000 loss.

A depository institution holds the securities in electronic form also known as book-entry form, or in dematerialized or paper format such as a physical certificate.

Once a hacker gets access to the depository, they can change the ownership and take over the entire company. A similar case happened where 10% of the shares (market value $6 Billion) of a public company were transferred to a hacker.

Dividend payout heist:


X Corp announced 7% dividend

The Record Day on 1 April 2017

Ex-Dividend Day on 29 March, at 15:30 (Market closed)

You have access to depository with 5% ownership of X corp stocks.

29 March at 15:25 ---> Change ownership to hacker account.

At 15:35 ---> Change ownership back to Real owners.

20 April: Dividends paid to the hacker’s accounts.
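A detection sketch for the timeline above, added here as an example and not taken from the article or from any depository product: it scans an ownership-change audit log for a holding that moves to another account shortly before the entitlement cutoff and is moved straight back shortly after it. The log layout, holding ids, account names and the 30-minute window are assumptions, and the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit-log rows (not real data): time, security, holding, from, to.
# The holding ids and account names are hypothetical.
AUDIT_LOG = [
    ("2017-03-29 11:02", "XCORP", "H-1001", "ACC-ALPHA", "ACC-BETA"),
    ("2017-03-29 15:25", "XCORP", "H-2002", "ACC-OWNER", "ACC-9999"),
    ("2017-03-29 15:28", "XCORP", "H-3003", "ACC-GAMMA", "ACC-DELTA"),
    ("2017-03-29 15:35", "XCORP", "H-2002", "ACC-9999", "ACC-OWNER"),
]

# Entitlement cutoff per security, following the article's timeline
# (market close at 15:30 on 29 March).
CUTOFFS = {"XCORP": datetime(2017, 3, 29, 15, 30)}


def find_round_trips(log, cutoffs, window=timedelta(minutes=30)):
    """Flag holdings moved A->B shortly before a cutoff and B->A shortly after."""
    events = sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M"), sec, hid, src, dst)
        for ts, sec, hid, src, dst in log
    )
    pending = {}  # (security, holding) -> last transfer seen before the cutoff
    alerts = []
    for when, sec, hid, src, dst in events:
        cutoff = cutoffs.get(sec)
        if cutoff is None or abs(when - cutoff) > window:
            continue  # only transfers close to an entitlement cutoff matter
        key = (sec, hid)
        if when <= cutoff:
            pending[key] = (when, src, dst)
        elif key in pending:
            out_time, out_src, out_dst = pending[key]
            if (src, dst) == (out_dst, out_src):  # exact reversal after cutoff
                alerts.append({
                    "security": sec,
                    "holding": hid,
                    "real_owner": out_src,
                    "holder_at_cutoff": out_dst,
                    "minutes_held": int((when - out_time).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_round_trips(AUDIT_LOG, CUTOFFS):
        print(alert)
```

An alert raised between the cutoff and the payout date leaves time to hold the dividend for the flagged holding while the ownership history is reviewed.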


Security breaches are no longer just possible. They are inevitable. That’s because attackers’ tactics change faster than security teams can adapt to them. To effectively combat fraud, the financial sector must go beyond conventional anti-fraud solutions. Intelligent platforms are now available that harness data in real time from across channels, not only to deliver a unified anti-fraud mechanism but also to help create a secure ecosystem. Acquiring the ability to carry out a cyber-fraud investigation using data analytics and profiling techniques is a continuous process. Restricting existing pathways to valuable data through granular network segmentation is likewise an inevitable exercise.

The use of a multi-layered Advanced Threat Detection solution is strongly recommended: one that provides visibility into different infrastructure levels (such as network, server and endpoint), is capable of deep object analysis, and leverages a comprehensive multitude of Threat Intelligence sources. This would ensure that even the most well-tailored targeted attacks are discovered, as the threat is persistent, adaptive and sophisticated - and it is here to stay.
