Moshe Ben Simon, VP & co-founder, TrapX
Cybercrime is at an all-time high and it seems that barely a day goes by without an organisation suffering some sort of security breach. It’s also a particularly difficult time for the banking industry; the financial industry is one of the top five targets when it comes to cybercrime and attacks on critical financial infrastructure continue to spread, targeting ATM networks, online banking systems, and specialised financial application transactions. No sooner has the industry recovered from one attack than it’s hit by another – the recent attack against the Union Bank of India is one such example, where hackers used malware to steal the bank’s SWIFT (Society for Worldwide Interbank Financial Telecommunication) codes in an attack very similar to the Bangladesh bank heist in 2016.
The question is, how can banks and other financial institutions protect themselves? Cyber attackers have the ‘first move’ advantage. They understand bank operations and combine that knowledge with technical expertise to conduct sophisticated attacks. Most importantly, these criminals are constantly improving their ability to bypass the latest defences. But what if we could change these battle lines?
The last couple of years have been tough for the financial industry. In early 2015, attackers exploited a flaw in SWIFT to steal approximately US $9 million from Ecuador’s Banco del Austro. Then came the Bangladesh bank attacks, which saw hackers swipe US $81 million. Shortly after that, the same malware used in the Ecuador and Bangladesh hacks targeted another bank, this time in the Philippines.
As with any major financial application – such as those controlling online banking and ATM networks – an application is only as secure as the infrastructure that supports it. Attackers use the same techniques, planning a barrage of attacks to insert custom malware into the network. They only need to succeed once. The similarities between all these recent SWIFT-related banking attacks suggest that, once inside the network, the hackers set up a ‘backdoor’ to establish command and control, and then moved laterally to target multiple assets.
Closer to home, supermarket giant Tesco had to suspend some parts of its online banking system in late 2016 after detecting attempts to steal cash from customers’ accounts. Similarly, Lloyds Banking Group suffered a 48-hour online attack in early 2017 where cybercriminals attempted to block access to 20 million UK accounts. This snapshot of attacks over such a short period of time only serves to highlight how lucrative a target the financial industry is. So, what can these financial institutions do to end the cat-and-mouse game between themselves and the cyber criminals?
Deception as a defence
Deception is an age-old tactic that cyber criminals use to out-manoeuvre their targets, constantly adopting new techniques to hide their identity, remain undetected or conceal their activities on the network. This means that traditional defence methods are no longer enough and organisations need to rethink their security strategies. As deception can be used in attacks, why can’t the same tactics be applied to cyber security?
Advanced deception technology is the cyber equivalent of a trail leading intruders down a false path, enabling organisations to detect the early reconnaissance stage of an attack. It draws an attacker into an environment where resources that appear attractive are not what they seem to be. By emulating a bank’s assets, defenders can lure hackers into a trap where they cannot compromise the system; to a would-be attacker, these traps are indistinguishable from a genuine IT asset.
Deception technology can also help banks and other financial institutions gain valuable information about an attacker’s tactics and procedures, for example, which systems they are targeting, how they are infiltrating the network and how they are continuing their attempts to extract money. Armed with this knowledge, the security team can make informed decisions about ongoing strategies and bolster resources where needed.
The use of decoy systems to identify and halt attackers is an emerging security trend according to research from Gartner, with some large financial companies and government agencies interested in the approach. Deception is a viable option for improving cyber security, giving the financial industry a new way of dealing with hackers. Rather than waiting for the ‘hit’, they can now play the cyber criminals at their own game.