Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

5/20/2019
10:30 AM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Financial Sector Under Siege

The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.

Banks have long been the favorite targets of thieves and gangsters like John Dillinger, back in the 1930s. But increasingly, modern banking isn't conducted on Main Street. It's online and global, and the transactions never stop. But just as banking is changing, so is crime. Today's bank robbers have swapped their Tommy guns and masks for expertise in coding — and there are more of them than ever. As a result, cybersecurity has never been more a critical worry for banks, their clients, and the broader financial sector.

Over the past year, 67% of the banks, credit unions, and other financial firms cited in a recent cybersecurity report by Carbon Black said they'd experienced a greater number of attempted cyberattacks and hacks. Further, 79% reported that the bad guys are getting smarter. Unfortunately, cybersecurity is having trouble keeping up with the sheer volume of hackers who are focusing their efforts on banks; according to the Carbon Black report, many attacks were successful in stealing data or money or otherwise disrupting a bank's business.

Money-Hungry Attackers and State Actors Are Seeking Prey
The financial sector is facing a wide variety of sophisticated threats. Obviously, the treasure trove of customer data and financial assets held by banks makes greedy cybercriminals drool. But although banks typically are better at safeguarding their assets than other industries, they're also up against the world's best hackers, organized crime syndicates, and highly motivated nation-states with deep pockets that want to throw a wrench into the work of their competitors or enemies.

The impact of successful attacks extends beyond the immediate losses of money or customer data. Clients and the markets can lose faith and trust in the company, and mending fences and restoring trust are expensive and sometimes long, drawn-out processes. Also, because of the millions of interconnections between banks, a crisis at one can affect all the others to a greater or lesser degree. This increases risk all around.

The fact is, global rivalries no longer unfold on the battlefield; they happen in cyberspace. A few rogue states — notably North Korea — have managed to sidestep economic sanctions by launching attacks on the Society for Worldwide Financial Telecommunications (SWIFT) and other payment networks. The Hidden Cobra hacking group, from North Korea, is notorious in this regard.

In this environment, it's little surprise that 70% of the surveyed financial institutions reported that financially motivated attackers are their biggest concern. Another 30% of these institutions said that hostile nation-state activities are another big worry.

Attacks Are More Damaging
One of the realities that keeps bank IT security people up at night is the fact that some online attackers are choosing not to simply extort sums of money but to cripple the bank by destroying infrastructure, disabling websites and networks, or taking down entire business units.

In fact, over a quarter (26%) of the surveyed financial institutions said they were victims of attacks in 2018 that were intended to interrupt banking services or erase financial data. This type of attack has skyrocketed over the past year, rising by an astonishing 160%.

And attacks are not only becoming more frequent, they're also changing in nature. The old take-the-money-and-run approach has been replaced by long-lasting tactics more akin to a siege. The preferred methods for such attacks include distributed denial-of-service (DDoS) attacks, land-and-expand attacks that set up multiple points of persistence, and increased dwell time within a firm.

Roughly one-third (32%) of the financial institutions surveyed by Carbon Black said they had run into "counter-incident responses." In other words, the bad guys pushed back. Rather than just slipping through the fingers of IT, they took counter-measures to thwart corporate IT teams and stay on the network.

Homegrown Problems
Just as there are commonalities among attacks, there are similarities in their timing. Many attacks happen shortly after a bank introduces a new platform — online or mobile banking, say — which can unwittingly introduce cybersecurity vulnerabilities that attackers are ready and willing to exploit.

Launching new online services without thoroughly vetting them for security gaps is simply asking for trouble, yet it continues to happen. It is a systemic mistake, and a potentially fatal one — and banks know it. Some 79% of Carbon Black's surveyed financial institutions say they are aware that cybercriminals are more sophisticated than ever. Still, IT security teams find themselves teetering at the edge of crisis mode, or neck-deep in it, instead of proactively finding and fixing the vulnerabilities in their systems.

But we can't blame the IT teams for always being on the run. Sixty-two percent (62%) of the CISOs of the surveyed financial institutions still report to their CIO. This is a governance problem. CISOs must be entrusted with greater authority and their own budgets to maintain security and soundness in the financial sector. They should also report to CEOs or chief risk officers because the way they think is often at odds with content-driven goals of the CIO: uptime and availability.

On the bright side, 69% of the financial institutions CISOs in the survey plan to bump up their cybersecurity expenditures by 10% or more. Seven out of 10 (68%) of these CISOs say they'll use some of that money to recruit more security professionals — although this may be hard to do, given the current global shortage of that sort of expertise.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16966
PUBLISHED: 2019-10-21
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on...
CVE-2019-9491
PUBLISHED: 2019-10-21
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
CVE-2019-16964
PUBLISHED: 2019-10-21
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any comma...
CVE-2019-16965
PUBLISHED: 2019-10-21
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
CVE-2019-18203
PUBLISHED: 2019-10-21
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.