Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

5/20/2019
10:30 AM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Financial Sector Under Siege

The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.

Banks have long been the favorite targets of thieves and gangsters like John Dillinger, back in the 1930s. But increasingly, modern banking isn't conducted on Main Street. It's online and global, and the transactions never stop. But just as banking is changing, so is crime. Today's bank robbers have swapped their Tommy guns and masks for expertise in coding — and there are more of them than ever. As a result, cybersecurity has never been more a critical worry for banks, their clients, and the broader financial sector.

Over the past year, 67% of the banks, credit unions, and other financial firms cited in a recent cybersecurity report by Carbon Black said they'd experienced a greater number of attempted cyberattacks and hacks. Further, 79% reported that the bad guys are getting smarter. Unfortunately, cybersecurity is having trouble keeping up with the sheer volume of hackers who are focusing their efforts on banks; according to the Carbon Black report, many attacks were successful in stealing data or money or otherwise disrupting a bank's business.

Money-Hungry Attackers and State Actors Are Seeking Prey
The financial sector is facing a wide variety of sophisticated threats. Obviously, the treasure trove of customer data and financial assets held by banks makes greedy cybercriminals drool. But although banks typically are better at safeguarding their assets than other industries, they're also up against the world's best hackers, organized crime syndicates, and highly motivated nation-states with deep pockets that want to throw a wrench into the work of their competitors or enemies.

The impact of successful attacks extends beyond the immediate losses of money or customer data. Clients and the markets can lose faith and trust in the company, and mending fences and restoring trust are expensive and sometimes long, drawn-out processes. Also, because of the millions of interconnections between banks, a crisis at one can affect all the others to a greater or lesser degree. This increases risk all around.

The fact is, global rivalries no longer unfold on the battlefield; they happen in cyberspace. A few rogue states — notably North Korea — have managed to sidestep economic sanctions by launching attacks on the Society for Worldwide Financial Telecommunications (SWIFT) and other payment networks. The Hidden Cobra hacking group, from North Korea, is notorious in this regard.

In this environment, it's little surprise that 70% of the surveyed financial institutions reported that financially motivated attackers are their biggest concern. Another 30% of these institutions said that hostile nation-state activities are another big worry.

Attacks Are More Damaging
One of the realities that keeps bank IT security people up at night is the fact that some online attackers are choosing not to simply extort sums of money but to cripple the bank by destroying infrastructure, disabling websites and networks, or taking down entire business units.

In fact, over a quarter (26%) of the surveyed financial institutions said they were victims of attacks in 2018 that were intended to interrupt banking services or erase financial data. This type of attack has skyrocketed over the past year, rising by an astonishing 160%.

And attacks are not only becoming more frequent, they're also changing in nature. The old take-the-money-and-run approach has been replaced by long-lasting tactics more akin to a siege. The preferred methods for such attacks include distributed denial-of-service (DDoS) attacks, land-and-expand attacks that set up multiple points of persistence, and increased dwell time within a firm.

Roughly one-third (32%) of the financial institutions surveyed by Carbon Black said they had run into "counter-incident responses." In other words, the bad guys pushed back. Rather than just slipping through the fingers of IT, they took counter-measures to thwart corporate IT teams and stay on the network.

Homegrown Problems
Just as there are commonalities among attacks, there are similarities in their timing. Many attacks happen shortly after a bank introduces a new platform — online or mobile banking, say — which can unwittingly introduce cybersecurity vulnerabilities that attackers are ready and willing to exploit.

Launching new online services without thoroughly vetting them for security gaps is simply asking for trouble, yet it continues to happen. It is a systemic mistake, and a potentially fatal one — and banks know it. Some 79% of Carbon Black's surveyed financial institutions say they are aware that cybercriminals are more sophisticated than ever. Still, IT security teams find themselves teetering at the edge of crisis mode, or neck-deep in it, instead of proactively finding and fixing the vulnerabilities in their systems.

But we can't blame the IT teams for always being on the run. Sixty-two percent (62%) of the CISOs of the surveyed financial institutions still report to their CIO. This is a governance problem. CISOs must be entrusted with greater authority and their own budgets to maintain security and soundness in the financial sector. They should also report to CEOs or chief risk officers because the way they think is often at odds with content-driven goals of the CIO: uptime and availability.

On the bright side, 69% of the financial institutions CISOs in the survey plan to bump up their cybersecurity expenditures by 10% or more. Seven out of 10 (68%) of these CISOs say they'll use some of that money to recruit more security professionals — although this may be hard to do, given the current global shortage of that sort of expertise.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12551
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
CVE-2019-12552
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.
CVE-2019-3414
PUBLISHED: 2019-07-22
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front en...
CVE-2019-10102
PUBLISHED: 2019-07-22
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". Th...
CVE-2019-10102
PUBLISHED: 2019-07-22
aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e.