Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Finance

DECEPTION IN DEFENCE OF THE DOLLAR

DECEPTION IN DEFENCE OF THE DOLLAR

Moshe Ben Simon, VP & co-founder, TrapX 

Cybercrime is at an all-time high and it seems that barely a day goes by without an organisation suffering some sort of security breach. It’s also a particularly difficult time for the banking industry; the financial industry is one of the top five targets when it comes to cybercrime and attacks on critical financial infrastructure continue to spread, targeting ATM networks, online banking systems, and specialised financial application transactions. No sooner has the industry recovered from one attack and it’s hit by another – the recent attack against the Union Bank of India is one such example, where hackers used malware to steal the bank’s SWIFT (Society for Worldwide Interbank Financial Telecommunication) codes in an attack very similar to the Bangladesh bank heist in 2016.

The question is, how can banks and other financial institutions protect themselves? Cyber attackers have the ‘first move’ advantage. They understand bank operations and combine that knowledge with technical expertise to conduct sophisticated attacks. Most importantly, these criminals are constantly improving their ability to bypass the latest defences. But, what if we could change these battle lines?

Taking stock

The last couple of years has been tough for the financial industry. In early 2015, attackers exploited a flaw in SWIFT to steal approximately US $9 million from Ecuador’s Banco del Austro. Then came the Bangladesh bank attacks which saw hackers swipe US $81 million. Shortly after that, the same malware used in the Ecuador and Bangladesh hacks targeted another bank, this time in the Philippines.

As with any major financial application – such as those controlling online banking and ATM networks – an application is only as secure as the infrastructure that supports it. Attackers use the same techniques, planning a barrage of attacks to insert custom malware into the network. They only need to succeed once. The similarities between all these recent SWIFT-related banking attacks suggest that, once inside the network, the hackers set up a ‘backdoor’ to establish command and control, and then moved laterally to target multiple assets.

Closer to home, supermarket giant Tesco had to suspend some parts of its online banking system in late 2016 after detecting attempts to steal cash from customers’ accounts. Similarly, Lloyds Banking Group suffered a 48-hour online attack in early 2017 where cybercriminals attempted to block access to 20 million UK accounts. This snapshot of attacks over such a short period of time only serves to highlight how lucrative a target the financial industry is. So, what can these financial institutions do to end the cat and mouse game between themselves and the cyber criminals?

 Deception as a defence

Deception is an age-old tactic used by cyber criminals to out-manoeuvre their targets, constantly using new techniques to hide their identity, remain undetected or conceal their activities on the network. This means that traditional defence methods are no longer enough and organisations need to rethink their security strategies. As deception can be used in attacks, why can’t the same tactics be applied to cyber security?

Advanced deception technology is the cyber equivalent of a trail leading intruders down a false path,enabling organisations to detect the early reconnaissance stage of an attack.  It draws an attacker into an environment where resources that may appear to be attractive, are not what they seem to be.  By emulating a bank’s assets, hackers can be lured into a trap where they cannot compromise the system; to a would-be attacker, these traps are indistinguishable from a genuine IT asset.

Deception technology can also help banks and other financial institutions gain valuable information about an attacker’s tactics and procedures, for example, which systems they are targeting, how they are infiltrating the network and how they are continuing their attempts to extract money. Armed with this knowledge, the security team can make informed decisions about ongoing strategies and bolster resources where needed.

The use of decoy systems to identify and halt attackers is an emerging security trend according to research from Gartner, with some large financial companies and government agencies interested in the approach. Deception is a viable option for improving cyber security, giving the financial industry a new way of dealing with hackers. Rather than waiting for the ‘hit’, they can now play the cyber criminals at their own game.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post