Financial Institutions – target cybercrime more effectively
The finer details of how the knowledge of threat patterns can assist financial organisations in the ongoing fight against cybercrime.
My previous article flagged the three key threat patterns at the heart of 75% of security incidents experienced by financial services organisations – findings from the Verizon 2014 Data Breach Investigations Report, writes Stephen Keenan.
Now let’s take a look at these separately and go into the finer details of how this information can assist financial organisations in the ongoing fight against cybercrime.
Attack #1 – web app
Financial companies increasingly rely on web-based tools to deliver their services. From personal and corporate banking to insurance, payments and trading, most banking services are now accessible through the browser. This makes them extremely vulnerable to web-based attacks.
In the wake of the financial crisis, there is still a lot of ill-will toward banks and other financial institutions and this can explain why, in our 2014 dataset, just under two out of every three web app attacks were attributable to activist groups driven by ideology. These attacks have more to do with causing disruption and damage than with stealing payment card data.
What can you do?
- Use multi-factor authentication. This should be applied not just to customers but to all administrative access
- Consider switching to a static CMS. Instead of executing code to generate the content for every request, pre-generate pages to reduce the opportunity for exploits
- Enforce lockout policies. Locking accounts after repeated failed login attempts will help to thwart brute-force attacks
- Monitor outbound connections. Unless a company’s server has a good reason to send millions of packets to a foreign government’s systems, lock down the server’s ability to do so
Attack #2 – DOS
The scale of DOS attacks has gone up 115% since 2011, as attackers have refined their methods. In the past, malware was often used to co-opt the PCs of unwitting home users into the criminal’s botnet. Now, attackers are targeting servers. These are more powerful and have high-bandwidth connections, allowing the attacker to mount much bigger attacks.
While DOS attacks are rarely connected to attempts to steal data, they can still be extremely damaging to a company’s reputation and business operations. DOS attacks can take down online banking, quoting and policy management, trading platforms, even internal systems that might be exposed to the Internet. If these systems go down for an hour, let alone a day, the costs of lost productivity and time spent on remediation can be enormous.
What can you do?
- Segregate key assets. Keep the most important systems on separate network circuits so they won’t be compromised by an attack targeting other servers
- Test anti-DOS services. Don’t install them and then forget about them
- Have a plan. Key operations teams need to know how to react if there is an attack. Organisations should also have a backup plan in case their primary anti-DOS service doesn’t work
Attack #3 – Skimming
The organised criminal groups responsible for skimming attacks are getting extremely sophisticated in their tactics — some use 3D-printing technology to create replicas of ATM fascias that are incredibly difficult to tell from the real thing. These can be installed in seconds, and wirelessly send card details back to the criminals. As a result, most breaches are only detected after customers notice fraudulent activity on their accounts. But there are still actions organisations can take to defend against these attacks.
What can you do?
- Use tamper-resistant terminals. ATMs are increasingly designed with this in mind and most can be retrofitted
- Use tamper-evident controls. Automated video monitoring can detect visual anomalies
- Encourage users to be vigilant. Have them report their concerns immediately
- Inspect ATMs frequently. Have staff inspect ATMs as often as possible to reduce the window in which a skimmer could be in place
Remember – no one is immune from a data breach. The battle against cybercrime is one that is still in progress, and attackers have their eyes firmly on the prize of the rich data that financial institutions hold. Combine this with the longer time it is taking organisations to identify compromises – often weeks or months, compared with the minutes or hours it takes to be infiltrated – and it is clear that more targeted action needs to be taken.
In a nutshell, be on the offensive and not the defensive, as cybercrime certainly exists. Don’t believe for an instant that it will go away.