HOW FINANCIAL ORGANISATIONS CAN AVOID INFECTING CLIENTS AND PARTNERS WITH MALWARE

By Greg Sim, CEO, Glasswall Solutions

A cyber-attack on a London law firm just before Christmas stands as a stark warning for any financial organisation.

Greg Sim

Would-be fraudsters penetrated the cyber defences of the London firm Anthony Gold Solicitors and sent out 1,600 phoney emails to clients, pretending to be from the company. With a subject line “Action Required – Matter for Attention” recipients were asked to open an “urgent” attachment in a bid to persuade them to reveal log-in details and thereby open themselves up to fraud.

While the company apologised and launched an investigation, clients were left feeling uneasy, even if nobody appears to have lost out.In the comments section of the Law Society Gazette following this attack, one of the Anthony Gold clients said he had been expecting an email about money the firm was due to pay him and so clicked on the link given. He also ran a scan (presumably after being contacted by the firm) and found his conventional anti-virus software detected nothing, which is hardly surprising since this type of technology cannot pick up new malware variants or the minute alterations to file-structures that cybercriminals now employ.

Another recipient, who had worked at Anthony Gold, described the quality of the emails as very realistic. Other clients went online to declare their unhappiness with the firm’s response. It was not a great day for the business and sadly, is a classic example of how cybercriminals are using professional organisations as hubs from which to defraud clients. Creating convincing emails, the hackers include attachments that have malicious code hidden either in the active elements of the file or, as is increasingly the case, in its structure.

The key question for any financial organisation is how can it avoid a similar fate? There was nothing unique to the legal world about this attack and it could just as easily have been perpetrated on a bank or insurer where email attachments flow in and out all day long.

All client lists and supply chains are being put at risk by old-fashioned anti-virus technology

It is important to recognise that cyber risk is moving much more heavily into the supply chain now. Criminals are fully aware that organisations are only as safe as their least-secure partners and that clients and their employees implicitly trust professional businesses.

If financial organisations continue to rely on traditional anti-virus technology, however, they run the risk of either being victims of cyber fraud or extortion, or of unknowingly dispersing malicious code to the thousands of client or supplier addresses the hackers want to target. Newly-written code can now sneak through anti-virus systems and trick their way through sandboxing applications by switching themselves off and on. No longer can traditional solutions detect these malicious pieces of code, since they have not been assigned the “signatures” on which the anti-virus industry depends.

If the financial sector continues to rely on a combination of anti-virus solutions and encryption to maintain security, it will have little or no defence against the millions of new malware variants being launched every year. The threats within JavaScript, Flash, encrypted and embedded files may be well-known, but the biggest sources of danger are the zero-day attack triggers inside the structures of common files such as PDFs, Excel and Word. These are threats that traditional anti-virus technology cannot detect.

The upshot of all this is that the financial sector must wake up to the dangers and become more innovative about cyber security technology. The focus has to be on solutions that tackle the menace of phishing emails containing phoney attachments. We know that more than 90 percent of successful cyber-attacks commence when someone receives a cunningly personalised or disguised email and unknowingly opens a PDF, Word, PowerPoint or Excel file that has been subtly altered.

Innovation is the answer in the shape of file-regeneration technology

Experience shows that file-regeneration is the sole means by which organisations can prevent themselves being turned into malware hubs. Towards the end of last year Glasswall found that unexplained code was being written into some of the thousands of documents two law firms sent out to clients and business partners.

In the first incident, code was being inserted into documents by the law firm’s PDF-writing software. At the second firm, the document scanner was incorporating unauthorised code into the structure of digital files it was generating.

In the event it proved to be purely anomalous but it was only detected because each firm has installed file-regeneration technology that examines every out-bound file. This technology will conduct byte-level examinations of each document in fractions of second, generating a ‘known good’ clean and sanitised version that can be used in total safety.The technology has already detected a minute, two-byte change hidden by criminals inside a PDF file structure in order to crash the recipient’s reader so that malicious code would trigger a malware attack As a zero-day attack this would bypass traditional signature based security software.

Once files have been sanitised, email traffic continues in full confidence, having been cleaned of all malicious code. The intelligence derived from this technology also gives organisations vital insights into the nature of the threats they are facing and how criminals are adapting code or shifting vectors.

In the absence of technologies such as file-regeneration,f inancial organisations are severely jeopardising themselves, their clients and their partners. One of those commenting on the Anthony Gold attack sympathised and speaking from experience said such incidents led to “days of hell”.  For any financial organisation there could be innumerable “days of hell” unless it adopts a more innovative approach to email security.

By Greg Sim, CEO, Glasswall Solutions

A cyber-attack on a London law firm just before Christmas stands as a stark warning for any financial organisation.

Greg Sim

Would-be fraudsters penetrated the cyber defences of the London firm Anthony Gold Solicitors and sent out 1,600 phoney emails to clients, pretending to be from the company. With a subject line “Action Required – Matter for Attention” recipients were asked to open an “urgent” attachment in a bid to persuade them to reveal log-in details and thereby open themselves up to fraud.

While the company apologised and launched an investigation, clients were left feeling uneasy, even if nobody appears to have lost out.In the comments section of the Law Society Gazette following this attack, one of the Anthony Gold clients said he had been expecting an email about money the firm was due to pay him and so clicked on the link given. He also ran a scan (presumably after being contacted by the firm) and found his conventional anti-virus software detected nothing, which is hardly surprising since this type of technology cannot pick up new malware variants or the minute alterations to file-structures that cybercriminals now employ.

Another recipient, who had worked at Anthony Gold, described the quality of the emails as very realistic. Other clients went online to declare their unhappiness with the firm’s response. It was not a great day for the business and sadly, is a classic example of how cybercriminals are using professional organisations as hubs from which to defraud clients. Creating convincing emails, the hackers include attachments that have malicious code hidden either in the active elements of the file or, as is increasingly the case, in its structure.

The key question for any financial organisation is how can it avoid a similar fate? There was nothing unique to the legal world about this attack and it could just as easily have been perpetrated on a bank or insurer where email attachments flow in and out all day long.

All client lists and supply chains are being put at risk by old-fashioned anti-virus technology

It is important to recognise that cyber risk is moving much more heavily into the supply chain now. Criminals are fully aware that organisations are only as safe as their least-secure partners and that clients and their employees implicitly trust professional businesses.

If financial organisations continue to rely on traditional anti-virus technology, however, they run the risk of either being victims of cyber fraud or extortion, or of unknowingly dispersing malicious code to the thousands of client or supplier addresses the hackers want to target. Newly-written code can now sneak through anti-virus systems and trick their way through sandboxing applications by switching themselves off and on. No longer can traditional solutions detect these malicious pieces of code, since they have not been assigned the “signatures” on which the anti-virus industry depends.

If the financial sector continues to rely on a combination of anti-virus solutions and encryption to maintain security, it will have little or no defence against the millions of new malware variants being launched every year. The threats within JavaScript, Flash, encrypted and embedded files may be well-known, but the biggest sources of danger are the zero-day attack triggers inside the structures of common files such as PDFs, Excel and Word. These are threats that traditional anti-virus technology cannot detect.

The upshot of all this is that the financial sector must wake up to the dangers and become more innovative about cyber security technology. The focus has to be on solutions that tackle the menace of phishing emails containing phoney attachments. We know that more than 90 percent of successful cyber-attacks commence when someone receives a cunningly personalised or disguised email and unknowingly opens a PDF, Word, PowerPoint or Excel file that has been subtly altered.

Innovation is the answer in the shape of file-regeneration technology

Experience shows that file-regeneration is the sole means by which organisations can prevent themselves being turned into malware hubs. Towards the end of last year Glasswall found that unexplained code was being written into some of the thousands of documents two law firms sent out to clients and business partners.

In the first incident, code was being inserted into documents by the law firm’s PDF-writing software. At the second firm, the document scanner was incorporating unauthorised code into the structure of digital files it was generating.

In the event it proved to be purely anomalous but it was only detected because each firm has installed file-regeneration technology that examines every out-bound file. This technology will conduct byte-level examinations of each document in fractions of second, generating a ‘known good’ clean and sanitised version that can be used in total safety.The technology has already detected a minute, two-byte change hidden by criminals inside a PDF file structure in order to crash the recipient’s reader so that malicious code would trigger a malware attack As a zero-day attack this would bypass traditional signature based security software.

Once files have been sanitised, email traffic continues in full confidence, having been cleaned of all malicious code. The intelligence derived from this technology also gives organisations vital insights into the nature of the threats they are facing and how criminals are adapting code or shifting vectors.

In the absence of technologies such as file-regeneration,f inancial organisations are severely jeopardising themselves, their clients and their partners. One of those commenting on the Anthony Gold attack sympathised and speaking from experience said such incidents led to “days of hell”.  For any financial organisation there could be innumerable “days of hell” unless it adopts a more innovative approach to email security.