By Brian Laing, VP of Products and Business Development, Lastline
2016 saw escalating cyberattacks on European and Asian banks. In February 2016, attackers used the SWIFT international money transfer network, which connects some 11,000 banks in over 200 countries, to steal $81 million from the central bank of Bangladesh. More recently, Tesco Bank revealed that a “sophisticated” attack on its online accounts resulted in £2.5 million being taken from the current accounts of 9,000 customers. This is considered the largest cyberattack ever carried out against a UK bank.
Whilst the methods used by these attackers continue to become more targeted and more technically sophisticated, many banks, and particularly their branch operations, continue to rely on severely outdated defensive measures. Many of these strategies were not optimal when they were first implemented, and they clearly are not working now. A common finding across many of the 2016 banking attacks was that ATMs and back-office servers were still running end-of-life operating systems such as Windows XP, with publicly known and unpatched vulnerabilities, and that branch offices were still using decade-old networking equipment, commonly with no firmware maintenance available from the vendor any longer.
In cases such as these, once an attacker has exploited a weak spot in the banking network, the common pattern is to implant a piece of malware that lies dormant on the network and waits for the contextually right moment to act. In cybersecurity parlance, this kind of targeted, long-dwell intrusion is called an Advanced Persistent Threat (APT).
IBM X-Force researchers reported that, after a silent period of eight months, the Ramnit Trojan re-emerged in August 2016 targeting six major banks in the UK. Querying the Lastline Global Threat Intelligence Network indicates that these attacks were targeted primarily at:
- Large banking institutions
- Government institutions
- Large consulting organizations
In addition, at least thirty code derivatives of Ramnit were identified within a matter of months, which indicates that criminals are sharing code components in order to develop new attacks rapidly. Worse still, because each new “variant” is produced so quickly, it stands a reasonable chance of slipping past older malware filters that match only on the hash or signature of the original sample: even a trivially modified binary has a completely different hash, and a signature written for the original will miss the variant unless it targets what the whole family has in common.
Unfortunately, this is just one type of attack amongst many used against financial institutions. It is not that these institutions are not trying to protect themselves; rather, many IT managers concede that their companies are likely to suffer a data breach despite extensive investment in security. According to EY’s recent Global Information Security Survey, 56% of all organizations reported that their security systems would be unable to detect a sophisticated malware attack.
The reality is that even the latest firewalls, intrusion prevention systems (IPS) and first-generation sandbox appliances are no match for sophisticated, evasive malware and the attacks built around it, especially if the team and process needed to identify and remediate an intrusion are not in place. Because a network is only as strong against attack as its weakest link, banking institutions must begin to treat their branch office operations with as much care and cybersecurity investment as any other part of the network, or a door will be left open. Modern firewalls, current authentication measures and a new generation of advanced malware detection that identifies malicious code by its behaviour (rather than by signatures or hashes alone) are key elements in protecting account holder information from being breached and thereby defending brand reputation.
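The point made about Ramnit derivatives above, and the contrast between hash matching and tolerant detection in this paragraph, can be shown concretely. The following is an added example, not code from this article or from any Lastline product: the two byte strings are constructed stand-ins for an original sample and a rapidly produced derivative (not real Ramnit code), the fragment list is an assumed family-level signature, and the byte n-gram similarity is a crude stand-in for fuzzy hashing. It shows that a one-byte change defeats an exact-hash blocklist while a signature built on what the variants share still fires.

```python
"""Exact-hash blocklist versus a family-level signature (added illustration).

All binaries below are constructed byte strings standing in for a malware
sample and one of its derivatives; they are not real malware.
"""
import hashlib

# Constructed stand-in for the original sample: a fake header, padding and
# a few distinctive fragments a family-level signature would key on.
ORIGINAL = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"CreateRemoteThread\x00"
    + b"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"POST /gate.php HTTP/1.1\x00"
    + b"\xcc" * 32
)

# Constructed derivative: same fragments, different padding and one
# renamed string, the kind of minimal change a variant factory produces.
VARIANT = (
    b"MZ\x90\x00" + b"\x00" * 24
    + b"CreateRemoteThread\x00"
    + b"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"POST /panel.php HTTP/1.1\x00"
    + b"\x90" * 40
)

# Assumed family signature: fragments shared by every variant (illustration only).
FAMILY_STRINGS = [
    b"CreateRemoteThread\x00",
    b"\\CurrentVersion\\Run\x00",
    b"POST /",
]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_blocklist_hit(sample: bytes, blocklist: set) -> bool:
    """Legacy filter: the sample must hash exactly to a known bad hash."""
    return sha256(sample) in blocklist


def string_signature_hit(sample: bytes, fragments=FAMILY_STRINGS) -> bool:
    """Tolerant filter: every fragment of the family signature must be present."""
    return all(fragment in sample for fragment in fragments)


def ngram_similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the sets of byte n-grams; a crude stand-in for
    fuzzy hashing, which scores how much two files share rather than
    whether they are identical."""
    grams_a = {a[i:i + n] for i in range(len(a) - n + 1)}
    grams_b = {b[i:i + n] for i in range(len(b) - n + 1)}
    if not grams_a and not grams_b:
        return 1.0
    return len(grams_a & grams_b) / len(grams_a | grams_b)


def classify(sample: bytes, blocklist: set, threshold: float = 0.5) -> dict:
    """Run the three detectors side by side and report which ones fire."""
    return {
        "hash": hash_blocklist_hit(sample, blocklist),
        "strings": string_signature_hit(sample),
        "similar_to_original": ngram_similarity(sample, ORIGINAL) >= threshold,
    }


if __name__ == "__main__":
    known_bad = {sha256(ORIGINAL)}
    for name, sample in (("original", ORIGINAL), ("variant", VARIANT)):
        print(name, classify(sample, known_bad),
              "similarity=%.2f" % ngram_similarity(sample, ORIGINAL))
```

Running it shows the hash detector firing only on the original, while the string signature and the similarity score flag both the original and the variant; a benign file that happens to be the same length matches none of them. A signature keyed on shared fragments is still static, and a determined author can rename those too, which is why the behavioural detection mentioned above observes what the code does when executed rather than what bytes it contains.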
Meanwhile, SWIFT has begun pushing its member banks to tighten security, for the benefit of every bank on the network. In a letter to members in August 2016, SWIFT stated, “The threat is persistent, adaptive and sophisticated – and it is here to stay.”
About the Author
Brian Laing is VP of Products and Business Development at Lastline. He has shared his strategic business vision and technical leadership for over 20 years with a range of start-ups and established companies. He’s the author of “APT for Dummies,” and prior to Lastline was VP of U.S. operations for internationally known security leader, AhnLab. Previously Brian founded Hive Media where he served as CEO. He also co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, which released the industry’s first commercial IPS/FW testing tool.