Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

THE EVOLUTION OF CYBERCRIME AGAINST THE FINANCIAL INDUSTRY
THE EVOLUTION OF CYBERCRIME AGAINST THE FINANCIAL INDUSTRY

Published : , on

By Brian Laing, VP of Products and Business Development, Lastline

Brian Laing

Brian Laing

2016 saw escalating cyberattacks on European and Asian banks. In April of 2016, the SWIFT international money transfer network that connects 11,000 global banks in over 200 countries was used to steal $81 million from the central bank of Bangladesh. More recently, Tesco Bank revealed that a “sophisticated” attack on its online accounts has resulted in £2.5 million loss from the current accounts of 9,000 customers. This attack is considered to be the largest ever cyberattack on a UK bank.

Whilst the methods used by these hackers continue to become more targeted and more technically sophisticated, many banks, and particularly branch operations, continue to operate with severely outdated defensive measures. A lot of these strategies weren’t optimal when they were first implemented and they clearly aren’t working now.A common finding across many of the 2016 banking attacks was that ATMs and other server equipment were still running outdated operating systems,such as Windows XP, with known exploits,and branch offices still had decade old networking equipment – commonly without any available firmware maintenance services.

In examples such as these, where an attacker can use exploits in a weak spot in a banking network, attackers commonly inject an intelligent piece of malware that can lie dormant on the network andwait for the contextually right time to strike. This is called an Advanced Persistent Threat (APT) in cybersecurity parlance.

IBM X-Force researchers reported that after a silent period of eight months, malware called the ‘Ramnit Trojan’ re-emerged targeting six major banks in the UK in August. Querying the Lastline Global Threat Intelligence Networkindicates that these attacks weretargeted primarily at:

  1. Large banking institutions
  2. Government institutions
  3. Large consulting organizations

In addition, at least thirty malware code derivatives of Ramnit were identified in a matter of months, meaning that criminals are sharing code components in order to rapidly develop new attacks. Worse still, since a new “variant” of the malware is created in a rapid fashion, it stands a reasonable chance to slip through older malware filters that scan using a hash or signature only for the original malware type.

Unfortunately this is just one type of attack amongst many others that are used against financial institutions. It’s not that these institutions aren’t trying to protect themselves, but it seems that many IT managers concede that their companies are likely to become victims of a data breach despite extensive investments in security. According to EY’s recent Global Information Security Survey, 56% of all organizations reported that their security systems would be unable to detect a sophisticated malware attack.

The reality is that even the latest firewalls, intrusion protection systems (IPS), and first-generation sandbox appliances are no match for sophisticated and evasive malware or related attacks, especially if the team and process is not in place to identity and remediate the attack. Because networks are only as strong against malicious attacks as their weakest links, banking institution must begin to treat their branch office operations with as much care and cybersecurity investment as any other part of the network or a door will be left open. Modern firewalls, current authentication measures and a new generation advanced malware detection system using behavioural identification methods (versus signatures or hashes) to detect malicious code are key elements in the fight to protect account holder information from being breached and thereby defend brand reputation.

Meanwhile, SWIFT has begun making moves to push its member banks to tighten security for the benefit of all member banks on the network. In a letter to member banks in August 2016, SWIFT indicated, “The threat is persistent, adaptive and sophisticated – and it is here to stay.”

About the Author

Brian Laing is VP of Products and Business Development at Lastline. He has shared his strategic business vision and technical leadership for over 20 years with a range of start-ups and established companies. He’s the author of “APT for Dummies,” and prior to Lastline was VP of U.S. operations for internationally known security leader, AhnLab. Previously Brian founded Hive Media where he served as CEO. He also co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, which released the industry’s first commercial IPS/FW testing tool.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post