By Dave Waterson, CEO, SentryBay
A report from Accenture last year found that the burden of managing the threat and incidence of cyberattacks was higher for the financial services sector than for any other industry. It is no surprise, therefore, that during the Covid-19 crisis there has been a huge spike in malicious attacks on banks and finance companies, with cyber-criminals determined to exploit every possible vulnerability as companies shift working practices rapidly and with minimal planning.
The virtualised environments and application-centric solutions that are a by-product of digital transformation will have been advantageous to those finance organisations already embarked on the process. Higher levels of automation and security deliver resilience and agility, but even with these in place, the proliferation of devices now being used to connect to corporate networks, from mobiles through to home PCs, leaves dangerous openings in the security perimeter that are easily targeted.
Such is the threat posed by unprotected mobile devices that all of the UK’s leading mobile operators have joined forces with GCHQ’s National Cyber Security Centre (NCSC) to tackle so-called ‘smishing’ attacks (SMS phishing) created specifically to capitalise on the Covid-19 crisis. Like phishing emails, these are texts designed to trick mobile users into clicking on malicious links.
So far, around 50 banks and government organisations have got involved, enabling their text messages to be protected, and over 400 unauthorised text variants are being blocked, with the list still growing.
Endpoint security weakness
For those of us working in the IT security industry, the increase in attacks on mobile devices comes as no surprise. As employees started to work from home or from remote locations, accessing corporate data and applications from unmanaged devices, including mobiles, tablets, home laptops and PCs, became commonplace and necessary. Not every organisation was able to furnish its workers with fully secured technology at such short notice. The easiest way for cyber-criminals to steal sensitive corporate data is to access a corporate network remotely from a compromised unmanaged device, so lockdown provided a perfect opportunity.
These devices, or endpoints, are often the weakest link in the security chain, which is why a 2019 report found that 70 per cent of breaches originate at the endpoint.
There are a number of reasons for this. These devices often have a lower security posture, possibly with out-of-date anti-virus or internet security software; they are at higher risk of compromise because they may be running counterfeit or unlicensed software; or they are operating from an untrusted network. Banks and financial organisations have very little control over the software that is currently, or has previously been, running on the device, and limited options for assessing these deficiencies. On mobiles it is even less likely that security solutions will be installed, or up to date.
How does it happen?
Unmanaged devices accessing a network remotely are usually at higher risk of having sensitive data (including corporate login credentials) stolen by attacks involving keylogging, which, along with spyware, is ranked the most prevalent global malware by the NTT Security Threat Intelligence Report. Other attacks to be aware of include screen capture / screen grabbing, man-in-the-browser, harvesting of saved account details, screen mirroring, man-in-the-middle, DLL injection, and RDP double-hop. At the moment, with so few people working within the security of an on-premises network, the risk is increased hugely.
Financial and banking organisations need to address their security environment with new approaches. Attacks are increasing by the day, so it is imperative that steps are taken now, if they have not been already, to make sure that unmanaged devices accessing the corporate network carry the same security controls as managed devices that sit within the corporate perimeter. This includes ensuring that applications accessing the network are isolated from the rest of the potentially compromised unmanaged mobile or endpoint, and protecting against kernel-level threats commonly missed by anti-virus software.
We recommend using security solutions that are built for purpose. This means they can protect data entry on mobiles and tablets, particularly into remote access apps such as Citrix, VMware and WVD, web browsers and Microsoft Office applications, including Office 365. Browsers that access the corporate network should be locked down, including URL whitelisting, enforced certificate checking and enforced HTTPS.
Rapid deployment is also important, so organisations need to identify solutions that can be up and running within 24 hours, without the need for specially configured software or hardware – a straightforward download and install of pre-configured software is the best route to take. Companies should look for proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive data. Access to a portal that allows simple configuration by administrators is a bonus.
Of course, one area of great vulnerability is the login, so credentials must be checked, and advanced mechanisms to identify malware C2 (command-and-control) communication are vital.
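The three browser lockdown controls named above (URL whitelisting, enforced certificate checking and enforced HTTPS) can be expressed as a small policy gate. The code below is an added illustration, not SentryBay's product or any browser's policy format; the allowlisted hostnames are constructed examples.

```python
"""Policy gate for a locked-down corporate browser: allowlisted hosts only,
HTTPS only, and a TLS context that actually verifies certificates.
Illustrative code; ALLOWED_HOSTS is a constructed example list."""
import ssl
from typing import Tuple
from urllib.parse import urlsplit

# Constructed allowlist: corporate hosts the browser may reach (subdomains included).
ALLOWED_HOSTS = {"intranet.example.com", "remote.example.com"}


def host_allowed(host: str) -> bool:
    """Exact match or subdomain of an allowlisted host; trailing dots are normalised."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def check_url(url: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Rejects non-HTTPS schemes, userinfo tricks such as
    https://good.example.com@evil.test/, and hosts outside the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if "@" in parts.netloc:
        return False, "userinfo in URL hides the real host"
    if not parts.hostname or not host_allowed(parts.hostname):
        return False, "host not allowlisted: %s" % parts.hostname
    return True, "ok"


def strict_tls_context() -> ssl.SSLContext:
    """Enforced certificate checking: chain validation plus hostname match, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_tls_context() -> ssl.SSLContext:
    """The setting to avoid: verification disabled, so a man-in-the-middle
    presenting any certificate is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_enforces_verification(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```

The strict context is the one to hand to any HTTPS client the remote access tooling uses; the weak one is shown only so its settings can be recognised in a review.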
At the moment we are intensely focused on the impact of Covid-19, but banking and finance organisations should adopt these security measures permanently. In a survey we carried out last month among 1,550 employees, 63% said that they would want to spend at least some of their working time at home in the future. That being the case, improved mobile and endpoint security must become an essential element of their total security environment.