HOW FINANCIAL ORGANISATIONS CAN AVOID INFECTING CLIENTS AND PARTNERS WITH MALWARE

By Greg Sim, CEO, Glasswall Solutions

A cyber-attack on a London law firm just before Christmas stands as a stark warning for any financial organisation.

Would-be fraudsters penetrated the cyber defences of the London firm Anthony Gold Solicitors and sent out 1,600 phoney emails to clients, pretending to be from the company. With a subject line “Action Required – Matter for Attention” recipients were asked to open an “urgent” attachment in a bid to persuade them to reveal log-in details and thereby open themselves up to fraud.

While the company apologised and launched an investigation, clients were left feeling uneasy, even if nobody appears to have lost out. In the comments section of the Law Society Gazette following this attack, one of the Anthony Gold clients said he had been expecting an email about money the firm was due to pay him and so clicked on the link given. He also ran a scan (presumably after being contacted by the firm) and found his conventional anti-virus software detected nothing, which is hardly surprising since this type of technology cannot pick up new malware variants or the minute alterations to file-structures that cybercriminals now employ.

Another recipient, who had worked at Anthony Gold, described the quality of the emails as very realistic. Other clients went online to declare their unhappiness with the firm’s response. It was not a great day for the business and, sadly, it is a classic example of how cybercriminals are using professional organisations as hubs from which to defraud clients. Creating convincing emails, the hackers include attachments that have malicious code hidden either in the active elements of the file or, as is increasingly the case, in its structure.

The key question for any financial organisation is how can it avoid a similar fate? There was nothing unique to the legal world about this attack and it could just as easily have been perpetrated on a bank or insurer where email attachments flow in and out all day long.

All client lists and supply chains are being put at risk by old-fashioned anti-virus technology

It is important to recognise that cyber risk is moving much more heavily into the supply chain now. Criminals are fully aware that organisations are only as safe as their least-secure partners and that clients and their employees implicitly trust professional businesses.

If financial organisations continue to rely on traditional anti-virus technology, however, they run the risk of either being victims of cyber fraud or extortion, or of unknowingly dispersing malicious code to the thousands of client or supplier addresses the hackers want to target. Newly-written code can now sneak through anti-virus systems and trick its way through sandboxing applications by switching itself off and on. Traditional solutions can no longer detect these malicious pieces of code, since they have not been assigned the “signatures” on which the anti-virus industry depends.

If the financial sector continues to rely on a combination of anti-virus solutions and encryption to maintain security, it will have little or no defence against the millions of new malware variants being launched every year. The threats within JavaScript, Flash, encrypted and embedded files may be well-known, but the biggest sources of danger are the zero-day attack triggers inside the structures of common files such as PDFs, Excel and Word. These are threats that traditional anti-virus technology cannot detect.

The upshot of all this is that the financial sector must wake up to the dangers and become more innovative about cyber security technology. The focus has to be on solutions that tackle the menace of phishing emails containing phoney attachments. We know that more than 90 percent of successful cyber-attacks commence when someone receives a cunningly personalised or disguised email and unknowingly opens a PDF, Word, PowerPoint or Excel file that has been subtly altered.

Innovation is the answer in the shape of file-regeneration technology

Experience shows that file-regeneration is the sole means by which organisations can prevent themselves being turned into malware hubs. Towards the end of last year Glasswall found that unexplained code was being written into some of the thousands of documents two law firms sent out to clients and business partners.

In the first incident, code was being inserted into documents by the law firm’s PDF-writing software. At the second firm, the document scanner was incorporating unauthorised code into the structure of digital files it was generating.

In the event it proved to be purely anomalous, but it was only detected because each firm has installed file-regeneration technology that examines every out-bound file. This technology will conduct byte-level examinations of each document in fractions of a second, generating a ‘known good’ clean and sanitised version that can be used in total safety. The technology has already detected a minute, two-byte change hidden by criminals inside a PDF file structure in order to crash the recipient’s reader so that malicious code would trigger a malware attack. As a zero-day attack, this would bypass traditional signature-based security software.

Once files have been sanitised, email traffic continues in full confidence, having been cleaned of all malicious code. The intelligence derived from this technology also gives organisations vital insights into the nature of the threats they are facing and how criminals are adapting code or shifting vectors.

In the absence of technologies such as file-regeneration, financial organisations are severely jeopardising themselves, their clients and their partners. One of those commenting on the Anthony Gold attack sympathised and, speaking from experience, said such incidents led to “days of hell”. For any financial organisation there could be innumerable “days of hell” unless it adopts a more innovative approach to email security.