By: Mark Gazit, CEO of ThetaRay
Financial institutions are learning the hard way what can happen when criminals get their hands on the latest technology. Gone are the days of robbing tellers at gunpoint; today’s sophisticated criminal networks and nation-states use machine learning and artificial intelligence to target institutions remotely, quietly and through many channels at once. They have figured out banks’ vulnerabilities and exploited them mercilessly through a combination of malware, ATM jackpotting, money mules, money laundering, e-payment/cryptocurrency fraud and more, stealing untold millions to finance terrorism and profit from human and drug trafficking.
So, what exactly is “cross-channel fraud”?
A perfect example can be seen in the tremendously successful Carbanak campaign, which used cross-channel methods to steal more than a billion euros from over 100 banks in 40 countries. It went undetected for four years.
Here’s how they did it:
- They began by purchasing databases of bank personnel and targeted each employee with a spear-phishing email, encouraging them to open malicious attachments.
- Once clicked, the software allowed the hackers to remotely control infected machines, giving them access to the bank’s internal network and servers controlling ATMs.
- They then transferred money through e-payment networks or artificially inflated hundreds of accounts.
- To withdraw the money, they used software to remotely instruct the ATMs to dispense cash at a predetermined time. Bagmen (often members of local gangs) were hired to collect the cash.
- The money was then laundered via prepaid cards linked to cryptocurrency wallets.
Because of the cross-channel methods used by these criminals, Carbanak went undetected for years and required multiple countries and companies working together to bust the ring.
Banks are fighting back, and we are seeing an increased push from regulators, consumers and the banks themselves to invest heavily in technologies that can fight off these evolving attacks. However, the technology they’re using isn’t necessarily up to the task. Many organizations have implemented supervised machine learning. This means that humans must tell it exactly what to look for. When you get down to it, classic machine learning isn’t much different than traditional rules-based risk detection solutions – which can catch scams and red flags that have been seen before, but are unable to detect new types of threats.
Here are the three main problems with traditional machine learning, and why banks must institute a better way of catching the “unknown unknowns” to outsmart cross-channel fraudsters:
- It can’t recognize new types of attacks: While it’s heartening to see more financial institutions waking up and realizing they need to implement technology that helps catch cyber criminals, supervised machine learning simply won’t cut it. Criminals will always evolve and find ways around security systems. If you’re only looking for attacks that have already happened, you’ll miss all the new ones that are evolving.
- Cross-channel fraud is extremely difficult to track: Banks used to know all the ways that attackers could physically access their money. However, now that everything has become digital, the attack surface is larger, and attacks are constantly evolving and hard to pin down. There are so many ways criminals can defraud a bank, and many fraudsters employ more than one method. A little money laundering, a pinch of hacking, a dash of phishing, and voila! Money in their account. Traditional machine learning can’t keep up.
- Attacks are growing in sophistication: Today’s fraud schemes have grown dramatically in sophistication to elude not just humans, but technology as well. Criminals are using AI and social conditioning to create gambits that have never been seen before. For example, after breaching a bank’s system via spear-phishing, hackers sometimes monitor the executives’ communication before becoming a ‘man in the middle’ and pretending to be one of them. In other words, if a hacker learns that a C-suite bank employee is leaving the country on vacation and that he’s a cycling enthusiast, the fraudster could email a bank colleague: “John – great riding through Costa Rica. I just got an invoice from the production company who worked on that cryptocurrency documentary. We’re late in paying it – and by contract we’ll pay a 50% fee if we don’t pay it now. Could you wire payment to this account asap?” At face value, it seems like an email that would come from the executive, but once the money is transferred into the fraudulent account, there’s no getting it back!
The next big thing in cross-channel scams has not yet been found, but you can be sure it is happening as we speak. The financial sector is facing a constant escalation of internal and external unknown threats. The diverse service channels that mix physical and cyber access, like branches, ATMs, online services, and mobile banking, are each affected by their own unique risks, which adds to the complexity of internal operations. Along with increasingly rigorous regulatory requirements, managing and mitigating operational risks effectively becomes a major challenge.
Luckily, there are emerging technologies that are making it easier for banks to connect the dots and stop cross-channel fraudsters in their tracks. Some companies are developing machine learning solutions that point out anomalies with laser precision and the exact parameters by which they are triggered. With next-gen machine learning, fully automated detection is seamless and swift, no matter how much data needs to be analyzed, and more importantly, there is no need for the machine to be ‘taught.’ Banks are overwhelmingly responding to this high computational efficiency, as it allows them to recognize risks immediately, respond, and mitigate the risk and its impact.
What banks need to know about observability
By Abdi Essa, Regional Vice President, UK&I, Dynatrace
More aspects of our everyday lives are taking place online – from how we work, to how we socialise and, crucially, how we bank. To keep pace, financial organisations have stepped up their digital transformation efforts, supported by a shift to dynamic multicloud environments and cloud-native architectures. However, traditional monitoring solutions and manual approaches cannot keep up with these vast, highly complex environments. As a result, many banks are turning to new, observability-based approaches to understand what is happening in their digital ecosystems. These approaches, however, bring new challenges to overcome.
Here are six things banks need to know about observability to ensure they can gain true value, combat the complexities of their modern multicloud environments, and drive digital success in 2021 and beyond.
- Most banks have very limited observability
The scale, complexity, and constant change that characterise hybrid, multicloud environments present a real challenge to banks’ IT teams. Our research found that, on average, banking digital teams have full observability into just 11 percent of their application and infrastructure environments – not nearly enough to understand what is happening, and why, across the digital ecosystem. Additionally, 87 percent said there are barriers preventing them from monitoring a greater proportion of their applications – including limited time and resources. Without improving observability across the entire cloud environment – by drawing in metrics, logs, and traces from every application – banks’ IT teams are limited in the success they can have driving initiatives to deliver the new banking products and quality user experience customers want.
- You can’t bank on manual approaches
With many banks beginning to rely on more dynamic, distributed multicloud architectures to deliver new services, IT teams are stretched further than ever. More than a third of financial services organisations say their IT environment changes at least once per second, and 65 percent say it changes every minute or less. This rate of change creates a volume, velocity, and variety of data that has gone beyond banks’ IT teams’ ability to handle with traditional approaches – there’s no time to manually script, configure, and instrument observability and set up monitoring capabilities. The need for automation is therefore critical. By harnessing continuous automation assisted by AI in place of manual processes, teams can drastically improve observability to automatically discover, instrument, and baseline every component in their bank’s cloud ecosystem as it changes, in real-time.
- Cloud native adoption is obfuscating observability
To remain agile and keep up with the rapid pace of digital transformation, banks are increasingly turning to cloud-native architectures. Our research found 81 percent of them are using cloud-native technologies and platforms such as Kubernetes, microservices and containers. However, the complexity of managing these ecosystems has made it even harder for banks’ IT teams to maintain observability across their environments. Nearly three-quarters of banking CIOs say the rise of Kubernetes has resulted in too many moving parts for IT to manage, and that a radically different approach to IT and cloud operations management is needed. Such an approach should be based on a solution that is purpose-built to auto-discover and scale with cloud-native architectures.
- Data silos result in tunnel vision
To boost observability, many banks have simply thrown more tools at the problem. Our research found that most organisations use an average of 11 monitoring solutions across the technology stack. However, more isn’t always better, and multiple sources of monitoring data can result in fragmented insights. This fragmentation makes it harder to understand the full context of the impact that digital service performance has on user experience and unravel the nearly infinite web of interdependencies between banks’ applications, clouds, and infrastructure. Instead, financial organisations should seek a single platform with a unified data model to unlock a single source of truth. This will be integral to ensuring that all digital teams are on the same page, speaking the same language, and collaborating effectively across silos to achieve business goals.
- Observability alone is not enough
Simply having observability doesn’t help banks achieve tangible benefits or reach their business goals. To get true value, the data processed must be actionable in real-time. As such, observability is most effective when paired with AI and automation. This pairing enables teams to instantly eliminate false positives, prioritise problems based on the impact they will have on the wider organisation, and understand the root cause of any problems or anomalies so they can resolve them quickly. The alternative is to manually trawl through dashboards and data to find insights, which is incredibly time-consuming and makes it almost impossible to act in real-time. Our research found that 94 percent of CIOs think AI-assistance will be critical to IT’s ability to cope with increasing workloads and deliver maximum value to the organisation. AI is clearly no longer just a ‘nice to have,’ but a business imperative.
- Observability isn’t just for the back end
Far from just having observability of their multicloud environments, banking IT teams also need to be able to see how the code they push into production impacts the end-user experience, and how that in turn affects outcomes for the business. This is a major goal for many CIOs, with 58 percent citing the ability to be more proactive and continuously optimise user experience as a benefit they hoped to achieve from increased use of automation in cloud and IT operations. By harnessing automatic and intelligent observability, banks’ digital teams can unlock code-level insights and precise answers to their questions about user experience and behaviour, so they can continuously optimise their banking services.
Observability is key for modern financial organisations looking to accelerate their digital transformation. By understanding these six key things about observability, IT teams will be better placed to master dynamic, multicloud ecosystems, and drive better digital banking services for the business and its customers.
Hackers can now empty out ATMs remotely – what can banks do to stop this?
By Elida Policastro, Regional Vice President for Cybersecurity, Auriga
In 2010, the late Barnaby Jack famously exploited an ATM into dispensing dollar bills without withdrawing them from a bank account using a debit card. Fast forward to the present day, and this technique, now known as jackpotting, is emerging as a growing threat to financial services. Recently, a hacking group in North Korea called BeagleBoyz has caught the attention of several U.S. agencies, as it has allegedly been stealing money from international banks by using remote hacking methods such as jackpotting.
The reality behind jackpotting
Jackpotting is when cybercriminals use malware to trick a targeted ATM into dispensing cash. As this criminal method is relatively easy to commit, it is becoming a popular tool for cybercriminals, and this trend will surely continue in 2021 unless financial organisations implement policies to prevent it and protect consumers.
During this difficult time, when access to cash has never been more important to banking customers, it is imperative that banks give their customers reliable ATMs that work 24/7, 365 days a year. However, due to the sensitive data that ATMs possess, such as credit card or PIN numbers, they have now become a profitable object for cybercriminals to manipulate. As cybercriminals have been evolving their efforts to attack the IP in ATMs, we will definitely see more jackpotting stories emerge in the coming months, especially with the large return on investment.
How criminals exploit the vulnerabilities found in ATMs
Since ATMs are both physically accessible and found in remote locations with little to no surveillance, criminals have an opportunity to carry out jackpotting, especially given the software vulnerabilities that may exist in many ATMs.
ATMs have been easily manipulated due to the outdated and unpatched operating systems that they run on. If banks wanted to resolve this issue and update these systems, it would take large amounts of time and money to do so. However, some banks do not have such resources, and because of this, cybercriminals take advantage by penetrating the software layers in ATMs and exploiting the hardware to dispense cash.
How can banks tackle this?
As the sector has a complex technical architecture, banking organisations will have to make sure that they have control over the transactions that take place, and this includes the management of security when it comes to communication between various actors. When financial organisations are reviewing their ATM infrastructure, they will also need to protect their most vulnerable capabilities within their cybersecurity. Banks, for example, can encrypt their communication channels and apply message authentication, in the event bad actors try to tamper with their communications.
Because ATM networks need to be available 24/7, banks not only need to implement greater protection over their systems, but need to do so with a holistic approach. One action that banks can take is to implement a centralised security solution that protects, monitors and controls their various ATM networks. This way banks can control their entire infrastructure from one location, stopping fraudulent activities or malware attempts on vulnerable ATMs.
Another way for banks to reduce the risk of jackpotting attacks is to update their ATM hardware and software. To do this, they will need to closely monitor and regularly review their machines in order to spot any emerging risks.
What the future holds for the banking industry
As confirmed by the warnings from the U.S. agencies, jackpotting remains a very serious threat for financial organisations. Evidence has also emerged showing that hackers are becoming more innovative in their tactics. It was reported last year, for example, that hackers stole details of proprietary operating systems for ATMs that can be used to form new jackpotting methods.
The emergence of jackpotting highlights the need for banks to actively work to protect their customers’ personal information and critical systems now and for the foreseeable future. In order to stay secure and reduce the risk of attacks, they will need to put in place the aforementioned solutions, which include updating their ATM hardware and software as well as closely monitoring and regularly reviewing their ATMs. As cybercriminals continue to become more innovative in their ways of attacking the machines, the issues mentioned will only continue to rise if they are not addressed. Although the method of jackpotting requires little action from cybercriminals, if financial organisations can implement a layered defence to their ATM security, they can stop themselves from becoming another victim to this type of attack in the future.
SoftBank Vision Fund set for new portfolio champion with Coupang IPO
By Sam Nussey and Joyce Lee
TOKYO/SEOUL (Reuters) – SoftBank’s $100 billion Vision Fund is poised to have a new number-one asset in its portfolio with the upcoming floatation of top South Korean e-tailer Coupang, furthering a turnaround that has seen the fund yo-yo from huge losses to record profit.
The $50 billion target valuation that Reuters reported this month would likely see the decade-old firm surpass recently listed U.S. food deliverer DoorDash Inc on a roster of assets that also includes stakes in TikTok parent ByteDance and ride-hailers Grab and Didi.
The Vision Fund built up its 37% stake in Coupang for $2.7 billion, mostly at an $8.7 billion post-money valuation, a person familiar with the matter said. The fund is not expected to sell shares in the initial public offering (IPO) that Coupang filed for in New York, the person said, declining to be identified as the information was not public.
SoftBank Group Corp and Coupang declined to comment.
Achieving a $50 billion valuation would add to good news for the fund which is bouncing back from an annual loss in March. This month, it announced record quarterly profit, driven by the listings of DoorDash and home seller Opendoor Technologies Inc and share price rise of ride-hailer Uber Technologies Inc.
The fund has written big cheques for late-stage startups to fuel rapid growth, with two-thirds of the value of its portfolio concentrated in 10 assets including Coupang.
The 10 include 25% of British chip designer Arm – to be sold to Nvidia Corp pending regulatory approval – but not stakes in high-profile stumbles like office-sharing firm WeWork.
The fund’s largest assets include its 22% stake in DoorDash, whose share price has doubled since the firm’s December IPO, sending its market capitalisation to $65 billion.
SoftBank initially invested in Coupang in 2015, adding it to a stable of e-commerce hits that included 25% of China’s Alibaba Group Holding Ltd, before placing it under the fund.
The e-tailer has grown rapidly during stay-home policies while the COVID-19 pandemic has forced other portfolio firms like Indian hotel chain Oyo to scramble to preserve cash.
Analysts see Coupang’s $50 billion valuation as feasible given its first-mover status and as it expands beyond replacing brick-and-mortar retail with a rising number of online channels.
It is the biggest e-tailer in South Korea that directly handles inventory, with 2020 purchases at about 21.7 trillion won ($19.62 billion), showed data from WiseApp.
“The market’s assessment isn’t exaggerated,” said analyst Park Eun-kyung at Samsung Securities. “Coupang’s market leadership is a premium factor.”
($1 = 1,106.1800 won)
(Reporting by Sam Nussey in Tokyo and Joyce Lee in Seoul; Editing by Christopher Cushing)