Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

5/20/2019
10:30 AM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Financial Sector Under Siege

The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.

Banks have long been the favorite targets of thieves and gangsters like John Dillinger, back in the 1930s. But increasingly, modern banking isn't conducted on Main Street. It's online and global, and the transactions never stop. But just as banking is changing, so is crime. Today's bank robbers have swapped their Tommy guns and masks for expertise in coding — and there are more of them than ever. As a result, cybersecurity has never been more a critical worry for banks, their clients, and the broader financial sector.

Over the past year, 67% of the banks, credit unions, and other financial firms cited in a recent cybersecurity report by Carbon Black said they'd experienced a greater number of attempted cyberattacks and hacks. Further, 79% reported that the bad guys are getting smarter. Unfortunately, cybersecurity is having trouble keeping up with the sheer volume of hackers who are focusing their efforts on banks; according to the Carbon Black report, many attacks were successful in stealing data or money or otherwise disrupting a bank's business.

Money-Hungry Attackers and State Actors Are Seeking Prey
The financial sector is facing a wide variety of sophisticated threats. Obviously, the treasure trove of customer data and financial assets held by banks makes greedy cybercriminals drool. But although banks typically are better at safeguarding their assets than other industries, they're also up against the world's best hackers, organized crime syndicates, and highly motivated nation-states with deep pockets that want to throw a wrench into the work of their competitors or enemies.

The impact of successful attacks extends beyond the immediate losses of money or customer data. Clients and the markets can lose faith and trust in the company, and mending fences and restoring trust are expensive and sometimes long, drawn-out processes. Also, because of the millions of interconnections between banks, a crisis at one can affect all the others to a greater or lesser degree. This increases risk all around.

The fact is, global rivalries no longer unfold on the battlefield; they happen in cyberspace. A few rogue states — notably North Korea — have managed to sidestep economic sanctions by launching attacks on the Society for Worldwide Financial Telecommunications (SWIFT) and other payment networks. The Hidden Cobra hacking group, from North Korea, is notorious in this regard.

In this environment, it's little surprise that 70% of the surveyed financial institutions reported that financially motivated attackers are their biggest concern. Another 30% of these institutions said that hostile nation-state activities are another big worry.

Attacks Are More Damaging
One of the realities that keeps bank IT security people up at night is the fact that some online attackers are choosing not to simply extort sums of money but to cripple the bank by destroying infrastructure, disabling websites and networks, or taking down entire business units.

In fact, over a quarter (26%) of the surveyed financial institutions said they were victims of attacks in 2018 that were intended to interrupt banking services or erase financial data. This type of attack has skyrocketed over the past year, rising by an astonishing 160%.

And attacks are not only becoming more frequent, they're also changing in nature. The old take-the-money-and-run approach has been replaced by long-lasting tactics more akin to a siege. The preferred methods for such attacks include distributed denial-of-service (DDoS) attacks, land-and-expand attacks that set up multiple points of persistence, and increased dwell time within a firm.

Roughly one-third (32%) of the financial institutions surveyed by Carbon Black said they had run into "counter-incident responses." In other words, the bad guys pushed back. Rather than just slipping through the fingers of IT, they took counter-measures to thwart corporate IT teams and stay on the network.

Homegrown Problems
Just as there are commonalities among attacks, there are similarities in their timing. Many attacks happen shortly after a bank introduces a new platform — online or mobile banking, say — which can unwittingly introduce cybersecurity vulnerabilities that attackers are ready and willing to exploit.

Launching new online services without thoroughly vetting them for security gaps is simply asking for trouble, yet it continues to happen. It is a systemic mistake, and a potentially fatal one — and banks know it. Some 79% of Carbon Black's surveyed financial institutions say they are aware that cybercriminals are more sophisticated than ever. Still, IT security teams find themselves teetering at the edge of crisis mode, or neck-deep in it, instead of proactively finding and fixing the vulnerabilities in their systems.

But we can't blame the IT teams for always being on the run. Sixty-two percent (62%) of the CISOs of the surveyed financial institutions still report to their CIO. This is a governance problem. CISOs must be entrusted with greater authority and their own budgets to maintain security and soundness in the financial sector. They should also report to CEOs or chief risk officers because the way they think is often at odds with content-driven goals of the CIO: uptime and availability.

On the bright side, 69% of the financial institutions CISOs in the survey plan to bump up their cybersecurity expenditures by 10% or more. Seven out of 10 (68%) of these CISOs say they'll use some of that money to recruit more security professionals — although this may be hard to do, given the current global shortage of that sort of expertise.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17789
PUBLISHED: 2019-09-20
Prospecta Master Data Online (MDO) allows CSRF.
CVE-2019-11280
PUBLISHED: 2019-09-20
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain ...
CVE-2019-11326
PUBLISHED: 2019-09-20
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same pro...
CVE-2019-11327
PUBLISHED: 2019-09-20
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system.
CVE-2019-14814
PUBLISHED: 2019-09-20
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.