Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Cyber criminals are holding the financial services hostage: Here’s how to defend against sophisticated attacks

Untitled design 12 - Global Banking | Finance

By Zeki Turedi, CTO, EMEA at CrowdStrike

In the aftermath of the COVID-19 pandemic, financial services companies’ data will be subject to unparalleled levels of threat. The World Economic Forum’s Global Risks Report 2020 found that 76 per cent believe that the risk of cyber attacks will rise throughout this year. Financial services are particularly susceptible to this issue, as F5’s 2020 State of application services report found that 72 per cent lacked security skills. The consequences of the lack of knowledge are not hard to find: a financial services firm in the UK lost £71 million, putting the UK at the top of the list of the largest financial losses following cyber attacks in 2019.

The COVID-19 crisis has made the situation even worse. Since March, CrowdStrike’s 2020 Threat Hunting Report: Insights from the OverWatch Team observed a 330 percent increase in malicious files using COVID-19 themes. This is of particular concern to the financial industry, as it is often victim to the most sophisticated intrusions. Intrusions have increased by 112 percent compared with last year due to bad actors playing on people’s fears by using COVID-19 related spear phishing attempts. These often include financial and invoice related lures.

The move to remote working also has a significant role as companies try to navigate the current threat landscape. As technology departments try to make systems available remotely, they inadvertently leave open doors like Remote Desktop Protocol (RDP). This is one of the most common points of entry used by eCrime actors.

The issue for many companies is that by the time they have been compromised, it’s already too late

A long-established method that cybersecurity teams use for detecting such threats are Indicators of Compromise (IoCs), which can help determine whether a security incident has occured by detecting the remnants of an attack such as executables, registry changes or connected IP addresses . Their nature, however, means that IoCs have security teams investigating and searching for breaches that have already happened, rather than trying to prevent them. Fortunately, recent years have brought about next-generation cloud security solutions; these help security teams to really understand the attacker’s end goal, allowing them to counter breaches more effectively by leveraging Indicators of Attack (IoAs).

A beginners guide to Indicators of Attack

IoAs help security teams to determine and understand common actions that an attacker must conduct to succeed, allowing their investigations to take a more proactive method to thwart attacks. These actions include pro-actively identifying techniques such as initial access,code execution, persistence, privilege control, lateral movement plus many others within a network. The key advantage of acting on IoAs is that they allow security teams to stop attackers in their tracks, before they’re able to jeopardize an organisation’s defences, if they are spotted and acted on.

A spear phishing campaign, which is designed to test a system’s defences, as an example, could be a precursor to a cyber attack. This usually begins with an email which aims to convince a target to open a file that will allow an attacker to execute a malicious implant . Once compromised, the adversary will discreetly perform the steps necessary to have a persistent foothold within the targets network . Security teams proactively checking for IoAs will be able to identify the implementation of any of these steps and recognise an attacker through interpreting what these activities are trying to achieve. This way, security teams are more likely to spot malefactors before they’re able to compromise a network.

A real-world parallel

In a number of ways, one could liken a data breach to a bank robbery. The attacker needs to overcome the target’s security systems and successfully act towards their objective – whether that be sensitive data or bars of gold. In the case of a bank robbery, authorities usually arrive after the crime has happened and can start gathering evidence. The security cameras may contain proof; the robber drove a blue hatchback, wore a bucket hat and used a drill to break into the vault.

Much like IoCs, these pieces of evidence are only discovered after the incident – they show that there was an attack, but the money is already gone. This same evidence could be used to eventually find the robber, but only if they stick to their techniques. If the next time they use a red convertible, wear a baseball cap, and use liquid nitrogen to break into the vault, they will likely be successful again. This is because these new points of evidence will not be a part of the security team’s set of indicators.

A robbery could be completely anticipated and countered, however, if the bank was set up to monitor for IoAs. Just as a phishing attack often foreshadows a data breach, a bank robber might ‘case’ the bank before the heist. Like a phishing campaign, this operation is made of steps that a proactive security team could detect. If the perpetrator tries to disable the system, move towards the vault or attempts to decipher it, the security team can deduce they are trying to rob them. Thanks to this information, they can then intercept the attempt before the thief is able to steal anything at all.

IoAs in practical terms

Although the points of evidence may be less apparent during a cyber attack than in a bank heist, the same principles apply. If a security team can spot IoCs such as an MD5 hash, a C2 domain or a hard-coded IP address, they might be able to use these indicators to prevent future intrusions. However, given that IoCs aren’t a constant parameter, security teams could be left on the back foot as they strive to keep up with the ever-changing threat landscape.

IoAs on the other hand, help security teams to quickly adjust to the situation and intervene to prevent a breach, by allowing them to monitor for suspicious demeanours. By focusing on the strategies, methods and processes attackers follow, security teams can determine who the adversary is, what they are trying to access and why, while providing a proactive approach to confronting advanced threats.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post