

By Brian Laing, VP of Products and Business Development, Lastline


2016 saw escalating cyberattacks on European and Asian banks. In April of 2016, the SWIFT international money transfer network that connects 11,000 global banks in over 200 countries was used to steal $81 million from the central bank of Bangladesh. More recently, Tesco Bank revealed that a “sophisticated” attack on its online accounts has resulted in £2.5 million loss from the current accounts of 9,000 customers. This attack is considered to be the largest ever cyberattack on a UK bank.

Whilst the methods used by these hackers continue to become more targeted and more technically sophisticated, many banks, and particularly branch operations, continue to operate with severely outdated defensive measures. A lot of these strategies weren’t optimal when they were first implemented and they clearly aren’t working now. A common finding across many of the 2016 banking attacks was that ATMs and other server equipment were still running outdated operating systems, such as Windows XP, with known exploits, and branch offices still had decade-old networking equipment – commonly without any available firmware maintenance services.

In examples such as these, where an attacker can use exploits in a weak spot in a banking network, attackers commonly inject an intelligent piece of malware that can lie dormant on the network and wait for the contextually right time to strike. This is called an Advanced Persistent Threat (APT) in cybersecurity parlance.

IBM X-Force researchers reported that after a silent period of eight months, malware called the ‘Ramnit Trojan’ re-emerged targeting six major banks in the UK in August. Querying the Lastline Global Threat Intelligence Network indicates that these attacks were targeted primarily at:

  1. Large banking institutions
  2. Government institutions
  3. Large consulting organizations

In addition, at least thirty malware code derivatives of Ramnit were identified in a matter of months, meaning that criminals are sharing code components in order to rapidly develop new attacks. Worse still, since a new “variant” of the malware is created in a rapid fashion, it stands a reasonable chance to slip through older malware filters that scan using a hash or signature only for the original malware type.
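The gap between hash matching and behaviour-based detection described above can be shown with a short added example (not code from the author or from Lastline). The sample bytes, behaviour labels, weights and threshold are all constructed assumptions for illustration.

```python
import hashlib

# Constructed samples: (name, file bytes, behaviours observed during analysis).
# Bytes and behaviour labels are illustrative, not taken from real malware.
ORIGINAL = b"MZ\x90\x00constructed-payload-v1"
SAMPLES = [
    ("original", ORIGINAL,
     {"injects_into_browser", "adds_autorun_key", "hooks_http_api"}),
    # Same behaviour, last byte changed (stands in for a rebuilt variant).
    ("variant", ORIGINAL[:-1] + b"2",
     {"injects_into_browser", "adds_autorun_key", "hooks_http_api"}),
    # Benign installer that legitimately adds an autorun entry.
    ("installer", b"MZ\x90\x00constructed-installer",
     {"adds_autorun_key", "writes_program_files"}),
]

# Signature database built only from the original sample.
HASH_BLOCKLIST = {hashlib.sha256(ORIGINAL).hexdigest()}

# Hypothetical weights: a behaviour shared with benign software scores low,
# so it cannot trigger a detection on its own.
BEHAVIOUR_WEIGHTS = {
    "injects_into_browser": 4,
    "hooks_http_api": 3,
    "adds_autorun_key": 2,
    "writes_program_files": 0,
}
THRESHOLD = 6  # assumed cut-off for a malicious verdict


def hash_verdict(data: bytes) -> bool:
    """True if the file's SHA-256 is on the blocklist."""
    return hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST


def behaviour_verdict(behaviours: set) -> bool:
    """True if the summed weight of observed behaviours reaches the threshold."""
    score = sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in behaviours)
    return score >= THRESHOLD


def compare(samples):
    """Return {name: (hash_hit, behaviour_hit)} for each sample."""
    return {name: (hash_verdict(data), behaviour_verdict(seen))
            for name, data, seen in samples}


if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:10} hash={verdicts[0]!s:5} behaviour={verdicts[1]}")
```
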

Unfortunately this is just one type of attack amongst many others that are used against financial institutions. It’s not that these institutions aren’t trying to protect themselves, but it seems that many IT managers concede that their companies are likely to become victims of a data breach despite extensive investments in security. According to EY’s recent Global Information Security Survey, 56% of all organizations reported that their security systems would be unable to detect a sophisticated malware attack.

The reality is that even the latest firewalls, intrusion protection systems (IPS), and first-generation sandbox appliances are no match for sophisticated and evasive malware or related attacks, especially if the team and process are not in place to identify and remediate the attack. Because networks are only as strong against malicious attacks as their weakest links, banking institutions must begin to treat their branch office operations with as much care and cybersecurity investment as any other part of the network or a door will be left open. Modern firewalls, current authentication measures and a new generation advanced malware detection system using behavioural identification methods (versus signatures or hashes) to detect malicious code are key elements in the fight to protect account holder information from being breached and thereby defend brand reputation.

Meanwhile, SWIFT has begun making moves to push its member banks to tighten security for the benefit of all member banks on the network. In a letter to member banks in August 2016, SWIFT indicated, “The threat is persistent, adaptive and sophisticated – and it is here to stay.”

About the Author

Brian Laing is VP of Products and Business Development at Lastline. He has shared his strategic business vision and technical leadership for over 20 years with a range of start-ups and established companies. He’s the author of “APT for Dummies,” and prior to Lastline was VP of U.S. operations for internationally known security leader, AhnLab. Previously Brian founded Hive Media where he served as CEO. He also co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, which released the industry’s first commercial IPS/FW testing tool.