Author: Lucas Zaichkowsky, Enterprise Defense Architect, Resolution1 Security
Synopsis: Financial criminals dance with glee as the shopping season approaches. If your organization accepts a high volume of credit cards and partakes in the shopping madness or is a payment gateway, you would be taking a huge risk by not being on high alert to identify an attack in progress as we enter the shopping season. This article provides insights into attacks and addresses how to detect targeted attacks in progress and respond before major damage occurs.
With Christmas around the corner, the shopping frenzy will begin as consumers find good deals and retailers increase their sales revenues, but they’re not the only ones that benefit from the shopping craze. Financial criminals are well aware that this is the best time of the year to steal credit cards and maximize their own earnings. Now is the most critical time for retailers and online businesses to be vigilant. I’ll explain how and why advanced targeted attacks work.
Although news stories on large scale data breaches often focus on malware and how the attackers got in, what goes on behind the scenes is much more elaborate. There’s much that can be learned by studying the full attack lifecycle to identify an intrusion in progress and put a stop to it. Although there are well-established phases of an attack in the data forensics and incident response world, I’m going to focus on a simplified version with three: initial infiltration, lateral movement, and data exfiltration.
Initial infiltration is the point of entry where an attacker gains unauthorized access to your network. Most legacy security investments attempt to prevent any and all systems from being compromised. Although this may have worked 15 years ago when self-replicating viruses and worms were all the rage, those days are gone. Time has proven that preventative defenses amount to barriers with limitations. Additionally, organizations can only secure what’s under their administrative control which makes things tough in an age of BYOD, remote workers, contractors, third party service providers, and connections to trusted partners. Initial infiltration can be anything from a backdoor delivered by spear phishing to a web application exploit to compromised user credentials.
Lateral movement is what an attacker does once they’ve accomplished initial infiltration. If security today is failing miserably, this is the stage where it’s happening. Attackers perform reconnaissance inside the network. They steal passwords for users, administrators, and service accounts. They create their own accounts. They access the network using VPN or another normal mode of access to blend in. They plant various backdoors on dozens or hundreds of systems to ensure persistent access. They snake their way to the data they’re after. Even in the most secure environments using two-factor authentication and tightly limited access, attackers will find overlooked paths, systems they can pivot from, and even modify network device configurations if they have to.
Meanwhile, companies secure and monitor servers housing sensitive data. They tend to forget that regular workstations and non-critical servers are a paradise for hackers to work from, avoiding detection. The data that attackers are after is accessible through means other than compromising specific servers. There’s always a data flow to and from servers with access mechanisms. Advanced attackers excel at uncovering and exploiting access to data flows. Sometimes they plant specialized software for RAM scraping, network sniffing, and keystroke recording. Other times, they modify production code to make copies of the data as it passes through. Sometimes they can simply connect to a server using stolen credentials and send the right commands to retrieve data.
Data exfiltration is what the attacker does to transport data from the point it’s being stolen from to a location outside the corporate environment. They’ll often move stolen data inside the network to a seemingly random system used as a staging ground, then upload it from there to a server on the internet. This goes undetected by obfuscating or encrypting the data, then blending in with normal web traffic. If the attacker made it this far unnoticed, there’s a good chance they’ll continue to steal data unnoticed until you either get lucky and self-discover the compromise or until they start selling the stolen card data on the black market. Statistically, you’ve got about a 1 in 3 chance of self-discovering at best.
How to detect targeted attacks in progress and respond before major damage occurs
Kill chain, intelligence, and analytics are officially in fashion, hot on the heels of Advanced Persistent Threats (APTs). Bonus points if they’re in the cloud with the Internet of Things. Here’s how organizations can proactively hunt for attacks into their networks.
Kill chain analysis and attacking the kill chain are a part of intelligence-driven defense, popularized by the smart people at Lockheed Martin. The kill chain is based on the core premise that attacks follow a lifecycle or sequence of progressive steps committed by the threat actor during an intrusion. By cataloging and studying the tactics, techniques, and procedures of threat actors, you can effectively prioritize preventative defenses and detect an attack in progress. After all, attackers are human and predictable. They’ll reuse hacking tools and repeat what’s worked for them in the past. Even personal habits such as naming conventions tend to get repeated.
In the case of targeted financial crimes, initial entry is usually accomplished by exploiting a web application or compromising the credentials of a vendor that has access into your environment. Knowing that, you can focus on those two points of entry for system hardening and access control while increasing additional monitoring mechanisms to be on the lookout for suspicious activity coming from those sources should they become compromised.
Access to immediate information on recent threats, cybercrime syndicates, and industry resources provides up-to-date intelligence on APTs and their attackers. Open source intelligence resources name hacking tools commonly encountered during the lifecycle of an attack, such as specific families of RATs and credential stealers. Poison Ivy, Gh0st RAT, Windows Credential Editor, and pwdump are just a few tools still commonly used. Samples of other tools such as RAM scrapers are available from places like KernelMode.info and Contagio. Once gathered, incident responders can analyze all these nasty binaries in a lab environment to identify key observable traits: what they look like in memory, network traffic patterns, endpoint changes, and logged activity.
Next, take the data and transform it into indicators of compromise, documented using standards like CybOX, YARA, or OpenIOC. Monitor as many endpoints as possible, network traffic, logfiles, and application data for matches against your indicators.
Follow the kill chain model by gathering intelligence on their attack methodology such as targeting domain controllers and servers where many users authenticate in order to harvest user credentials en masse. Attackers like to use scheduled tasks to execute commands against remote systems. They use well known staging directories like the Windows help folder and the root of Recycler. As you better understand the attacker methodology, you can perform the same steps in your lab environment, document indicators, then monitor everywhere possible.
During the process, you may identify places to harden your system and network configurations to slow an attacker down and frustrate them. You can set up tripwires to detect attempted hacking activity that aligns with their methodology. One good trick is to have emails sent to administrators whenever their admin accounts are being used.
Authoring indicators and putting them to good use may seem like a lot of work, but it puts you in a position where you’re able to detect a real world attack while it’s still in progress. This provides the ability to contain, scope, and remediate before major damage is done.
Analytics, on the other hand, means mining datasets, pivoting, and correlating to identify patterns and outliers. By searching for outliers (also known as frequency analysis), you can find unknowns that might not belong. Creative thinking skills are very important for performing analytics. Marketing teams have been doing it for years to study consumers. Security practitioners need to do the same, but in their own context.
One of the most effective ways to identify compromise is to perform analytics with the goal of identifying persistence mechanisms (backdoors). Pull back autoruns from every system and sort by frequency of occurrence from least to most, then focus on the uncommon entries in your environment. In fact, if you’ve got limited time to look for compromise, I’d recommend doing this before developing and chasing down indicators of compromise. There will be a lot of noise the first time, but it’s worth the energy. You’ll create a baseline useful for making autoruns frequency analysis a less painful regular activity, effectively focusing only on what’s changed since the prior search.
If you don’t have an enterprise tool to do autoruns frequency analysis, you can still squeak by with a hack job involving Sysinternals Autoruns, Trend Micro HiJackThis, or Mandiant Redline. Execute those tools remotely against systems, piping the results out to text files, then merge and mine them with the help of a decent programmer or DBA. Be careful to protect the privileged account you use to connect to systems remotely.
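One way to do the merge-and-mine step for autoruns frequency analysis, as an added example that is not part of the original article. It assumes the per-host results have already been merged into one CSV; the column names, host names, and entries are constructed for illustration and are not the export format of any specific tool.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of merged per-host autoruns output. The column names are
# assumptions made for this example, not the export format of a specific tool.
SAMPLE_CSV = r"""host,location,entry,image_path
WS01,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS02,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS03,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS04,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe
WS01,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OneDrive,C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe
WS02,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OneDrive,C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe
WS04,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OneDrive,C:\Users\carol\AppData\Local\Microsoft\OneDrive\OneDrive.exe
WS03,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,HelpSvc,C:\Windows\Help\hlpsvc.exe
ws03,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,HelpSvc,c:\windows\help\HLPSVC.EXE
"""

# Per-user profile paths differ on every host; collapse the user name so the
# same program is not counted as a separate, "rare" entry for each user.
USER_DIR = re.compile(r"^(c:\\users\\)[^\\]+", re.IGNORECASE)


def normalise(row):
    """Reduce one autoruns row to a case-insensitive comparison key."""
    path = row["image_path"].strip().lower()
    path = USER_DIR.sub(r"\1<user>", path)
    return (row["location"].strip().lower(), row["entry"].strip().lower(), path)


def hosts_by_entry(csv_text):
    """Map each normalised autorun entry to the set of hosts that have it."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A set means a host that reports an entry twice is counted once.
        seen[normalise(row)].add(row["host"].strip().upper())
    return seen


def rarest_first(seen, max_hosts=None):
    """Sort entries from least to most common, optionally keeping only rare ones."""
    ranked = sorted(seen.items(), key=lambda kv: (len(kv[1]), kv[0]))
    return [
        (key, sorted(hosts))
        for key, hosts in ranked
        if max_hosts is None or len(hosts) <= max_hosts
    ]


def new_since_baseline(seen, baseline):
    """Return entries that were not in the baseline from the prior search."""
    return sorted(key for key in seen if key not in baseline)


if __name__ == "__main__":
    seen = hosts_by_entry(SAMPLE_CSV)
    for (location, entry, path), hosts in rarest_first(seen):
        print(f"{len(hosts):>3}  {entry:<16} {path}  {','.join(hosts)}")
```

Saving the set of reviewed keys after each pass and feeding it to new_since_baseline on the next run gives the baseline comparison described above, so later reviews only cover what has changed.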
Whether you’re a retailer, online business or enterprise this holiday season, increase your proactive scans and hunts for suspicious activities. Happy holidays and good luck in your quest to find an attack in progress!
Beyond Transactions: The Payment Revolution
By Marwan Forzley, CEO of Veem
The uninterrupted disruption brought on by the pandemic accelerated the need for robust, digital-first tools created to support remote teams and accelerate online commerce.
As offices across the US moved to work from home for indefinite periods, specialized back office departments handling sensitive information have had to go a layer deeper to find tailored solutions that support the transition of their in-person workflow. For finance teams, payment approvals, issuance, and general management became a challenge overnight. Particularly for those who — even in 2020 — continued to send and receive paper checks through the mail.
For years and even to this day, millions of small business owners around the world have relied on slow and confusing bank processes to manage their business finances. Every day, they spend valuable time using old, complex and expensive platforms to transact with domestic and international vendors — never knowing where their payment is or even when it arrives at its destination.
With ongoing economic and logistical uncertainty looming as we move into 2021, this old norm should not be expected for much longer. This year has seen small business owners wear more hats than ever before, and has influenced a mass adoption of online financial applications that offer heightened security, save more time, and provide more value as budgets tightened.
A study conducted by Mastercard earlier this year saw online business-to-business payments skyrocket in popularity with more than half (57%) of small business owners across North America turning to digital services since the start of the pandemic to improve cash flow and modernize their payment processes.
If this study is of any indication, the days of making an appointment with a banker or sending a wire transfer through an outdated web portal have passed. And the time for the payment revolution is here.
Putting the user in the driver’s seat
Major world events have always acted as a catalyst for innovation and change. As a result of the growing pains we experienced this year, in 2021 businesses can finally say goodbye to huge transaction fees and bank-imposed gatekeeping when it comes to managing their financial processes.
The financial technology firms, in partnership with card and local bank networks and sometimes even each other, have been building and iterating on products over the past decade that were created to work flawlessly from a desktop or smartphone.
For the first time, small businesses have access to needed, user-friendly financial tools packaged to make their lives easier. No longer reserved for major enterprises, those previously underserved by traditional banks can sign up for applications that consolidate billing, payments, working capital and more to one central dashboard.
With the owner in the driver’s seat, they can better communicate with vendors and customers and reallocate their time previously spent manually sending, receiving and reconciling payments toward growing their business — without ever stepping foot out of their home.
Genuinely seamless and automatic integrations with complementary functions aligned to core financial activities mark a fundamental change in how businesses will choose to operate moving forward. Not only should experiences be integrated, but the entire lifecycle of the transaction should be digital.
Consider a freelance contractor that uses a time tracking and invoicing software to invoice a client. Through an integration between the time tracking tool and Veem (a complete online business payment tool) the client receives and captures the invoice within their Veem payment dashboard. Because Veem and Quickbooks are integrated partners, as soon as the invoice is received, a bill is automatically created, marked as paid, and reconciled on the client’s accounting software as soon as the funds are issued.
In this flow, the contractor only needs to send an invoice, and the client only has to approve the payment for everything else to move. Thoughtful integrations like these empower businesses to log-in to one application, but benefit from several, ultimately eliminating inefficiencies.
Understanding that old habits die hard, it’s expected that businesses of any size have questions when it comes to moving payments from a bank to an online provider.
Answering these questions with unprecedented product value and relentless transparency is the best way forward to bring more businesses onboard in 2021.
This means providing up front pricing, tracking, choice and flexibility to users. Before, during and after the pandemic, cash flow management remains the most critical part of running a small business. Digital payment providers enable the entrepreneur to have unparalleled insight, visibility, and control over their cash flow.
Through non-bank payment options, businesses can secure their information over a secure data network, watch their money move from origin to destination, and choose the speed at which they would like funds to move. By these tools working in harmony, the user can remove friction and spend more time focused on their business.
Separating the signal from the noise
2020 is a year that changed everything for the global small business community. In a report by Veem issued at the start of the pandemic, an overwhelming 80% of businesses shared that they anticipated COVID-19 to impact their business over the next 12-16 months. Problems surfaced that many didn’t even realize they had. And in finding those problems, businesses turned to technology to support them.
As enabling technology, it’s our job to listen and bring clarity and solutions to those contributing to and growing our local and global economies despite the hurdles and challenges they’ve faced.
Right now, small businesses deserve more. More access, more choice and more credit. In the road ahead we expect online payments and bundled user-friendly financial services to play a pivotal role in the recovery of small businesses. The payment revolution will see the continuation of important and meaningful products that value the user’s time and enable businesses to launch, grow, and scale regardless of what’s to come in 2021.
The UK’s hidden payments crisis: why businesses should rethink their payments strategy
By Edwin Abl, Chief Marketing Officer at Modulr.
As the economic conditions imposed by the Coronavirus endure, businesses are facing a dilemma about how to reduce operational costs while meeting customer needs in as economical a way as possible. And all without compromising on their quality of service.
A recent survey of 200 payments decision makers across the UK revealed there are hidden costs of payment processing which will have an exponentially greater impact on wider businesses if left untreated. It found that UK businesses are spending an average of £1.5m a year in costs attached to payments – money they simply cannot afford to lose to inefficient processes in these uncertain times.
Businesses need to plug any holes in their boat to avoid sinking. And for many this includes the examination and recalibration of their payments strategy.
The research reveals that the payments process now represents a huge 12% of a business’s total operational expenditure. With two-thirds (64%) of all businesses expecting the cost of payment processing to increase over the next two years.
Two thirds (67%) of payments decision makers surveyed believe the way they process and service payments has had a direct impact on their customer experience. In fact, 62% of respondents believe the hidden costs of poor payments outweigh the hard costs. This indicates that a poor payments strategy is no longer something business leaders can ignore, as it now has a far greater and unseen impact on wider business mechanics.
The top three hidden costs attached to inefficient payment processes were ‘impact on customer experience/satisfaction’ (38%), ‘influence on relationships with other teams and departments’ (35%) and ‘impact on competitor differentiation’ (31%).
These findings suggest there is widespread consensus that getting payment operations right directly creates performance boosts elsewhere in the business. When asked to estimate, as a percentage, the business performance boost received if hidden payment inefficiencies were resolved, the average margin for improvement was +14%, with traditional banking the sector most likely (31%) to predict a performance gain greater than +15%.
The 5 key steps UK businesses can take to drive payment efficiencies
There are five key areas payments decision makers and tech leaders should be looking to change, so that they can drive end-to-end payment process efficiencies:
1 – Locate hidden payment process inefficiencies
Visibility is a key issue. Respondents across large (46%) and small businesses (47%) say they have very clear metrics directly related to payment process costs. Only 8% say that they don’t understand the costs involved. Yet, businesses know they could do better with improved visibility of costs. Both large and smaller companies cite ‘lack of visibility for operational costs’ as the top challenge when it comes to achieving strategic goals around payment process and money services provision.
Digital banking companies, including lenders and FinTechs, identified ‘lack of visibility for operational cost’ as a challenge when it comes to increasing payment services revenue (37%). This is in comparison with all respondents mentioning other issues such as lack of skills (25%) and constrained resources (25%) as secondary and tertiary challenges respectively.
For many businesses, developing a cost model for current and projected payment process costs, both hard and hidden, is a top priority.
2 – Make payments key to stakeholder experience management
Customer, departmental and even supply chain partner experiences are increasingly intertwined. There is no doubt that customer experience is a top priority for payment services strategy. But enhancing the broader stakeholder experience is a close second, and certainly complements the former.
Employee experience affects customer experience. So, payment services innovation must extend beyond customer touchpoints. Happy employees who feel they are working with effective and efficient payments systems will be best placed to enhance the customer experience. And, employees in commercial roles who have bought into the benefits of efficient payments will naturally want to extoll those benefits to customers.
Companies with a sophisticated and integrated supply chain are likely to be the frontrunners in implementing the integrated payment services that benefit all stakeholders, due to their historic experience. As customer experience management evolves into a broader discipline of stakeholder experience management, including employees and supply chain partners, it will become more crucial than ever to include payment services experience.
3 – Integrate and automate to support payment innovation
Payment innovation is driving a culture change, connecting previously siloed functions such as IT and finance. There is increasing integration of systems from customer relationship management (CRM) and enterprise resource planning (ERP), into accounts and payments. The research tells us that payment processes are impacting nearly every department, affecting areas including customer experience, brand, leadership, business agility and ultimately, revenue. Integration enables new business models for paying suppliers and customers.
Automation is key to driving efficiency, replacing manual error-prone and time-consuming processes with real-time and responsive, digital ones. This is particularly the case when it comes to operational and payment processes.
Indeed, 52% of large companies say that team hours spent on payment processes was their biggest hard cost attached to payments, compared with 26% of smaller companies who share that view. This suggests that automation could contribute more to cutting the cost of payment processes in large companies.
A host of payments-as-a-service providers (including Modulr) are supporting customers to do just this by enabling them to stream a whole unified product ecosystem of payments functionality directly into their own software.
4 – Bring business leaders together
Payments innovation is driving systems integration and creating a more collaborative stakeholder ecosystem. As all the C-level roles become increasingly focused on the customer experience, the finance remit now includes overall business operations and its associated risks and opportunities. The role is evolving beyond just accounting, tax liability and funding. Therefore, closer collaboration between senior leaders is key to driving efficiencies and enhancing customer experience.
5 – Innovate by adding finance and payments to vertical services
Companies with a vertical focus are well placed to innovate by offering new payment services. In many vertical sectors, especially employment services, software vendors are increasingly embedding financial services facilities, such as payments, into their technology platforms. Employment services SaaS providers, across payroll, accounting, bookkeeping and more are offering financial services to existing and new customers within their specific ecosystem.
This means they can develop hyper relevant, convenient and delightful financial products and services for their end users through highly flexible, ‘plumbed in’ payments. This creates an ecosystem of stickier products while boosting the lifetime value of each end user.
Moving forward – engaging technology to drive efficiencies
If the onset of the Coronavirus crisis has taught us anything, it is that there are many advantages to investing in technology and having a digital infrastructure as responsive as your customer-facing experience.
However, whilst digital technologies enable companies to provide customer service in new ways during lockdown, these same businesses are failing to transform their digital strategies, with the biggest priority still being cost reduction (41%).
By not shedding legacy technology and shoring up operational efficiency, UK businesses are following an increasingly risky strategy. And one which will have an exponentially greater impact on the wider business if left untreated. Particularly when this widespread failure to act concerns the customer experiences that sit at the very heart of a proposition – the payments.
To find out how you can drive payment efficiencies into 2021 and beyond, download the full report here for all the insight you need.
Gain financial regulation qualification online
Warwick Business School in partnership with the Bank of England are delighted to offer two online specialist Postgraduate Awards, which are perfect for anyone working in financial regulation to evidence their professional development.
- Financial Conduct, Leadership & Ethics – Starting in February 2021
You will debate and cover questions such as how do financiers judge ethical questions in financial markets? What are the implications for regulators and for clients?
- Financial Regulation & Supervision – Starting in June 2021
You will develop a comprehensive understanding around financial regulation by looking at topics such as its tools, benefit and practical application.
Studied online over a period of seventeen weeks, you will gain a detailed knowledge of the subject, learn industry best practice and gain a qualification to evidence your understanding.
The wider Global Central Banking & Financial Regulation qualification offers three start dates and four qualification levels.
Invest in your career
Find out more about these Awards and the qualification levels offered by Warwick Business School in partnership with the Bank of England, by downloading the brochure here.
This is a sponsored feature