The financial sector has always been a target for cyber attacks, and in 2015 there was a significant increase in attacks. The number of attacks is on the rise with advancements in the communications and infrastructure technology, which makes even activities such as back office outsourcing challenging. According to a BitSight Insight report, the financial sector continues to exhibit excellent security performance, nevertheless they must continually strive to understand the types of threats and the perpetrators behind them. Providers of financial services require reliable and strong workflow systems, top-notch technology, and a highly protected but flexible IT infrastructure. This will ensure compliance and security for the sensitive data they handle.
Why Is the Financial Sector Targeted?
Since the beginning of the Internet and its use for various transactions, the financial sector has been at risk for cyber security attacks. This risk has increased over the past few years due to rapid changes in computer hacking technology. In 2015 Bot attacks increased significantly resulting in a 40 percent increase in attack and a record of 45 million attacks in the last three months of 2015. Earlier, Bot attacks were engineered by individual hackers, but today they mostly originate from widely connected, automated systems that are more difficult to track and shut down.
The cyber security industry has known for some time that underground markets have emerged in the cyber-crime community that specialize in the buying and selling of information stolen from the financial sectors’ computer networks. Any stolen information can be immediately traded for a value; or the hacker can collect as much as information as possible and keep that information until it achieves real value. The more sensitive data a financial institution holds, the more it is targeted. Therefore it is important to stay alert when it comes to cyber security issues and security teams should increase cyber situational awareness to defend against increasingly malicious attacks.
Perceived Threats
Here are some cyber security threats the financial service sector should know about:
- Social media threats: There are various examples where attackers misuse social media profiles by hiding behind a bogus profile to gain trust and extract information. Towards the second half of 2015, Facebook and Twitter began proactively monitoring for any suspicious activity and inform users if they feel that they are being targeted or their information is compromised.
- Spear phishing and whaling: In spear fishing attacks, attackers pretend to be legitimate individuals/institutions, establish trust and persuade the targets to disclose their credentials. Whaling is targeting multiple victims for huge amounts of money. Here, executive emails are spoofed to trick finance departments to make large transfers into fake accounts. The instructions given often include an URL that appears to be agenuine financial services website but which actually redirects the target to another site.
- Extortion: This involves attacks such as DDoS or distributed denial-of-service wherein online services are made unavailable by overwhelming them with traffic from various sources. The attackers notify the targets that they are vulnerable to a DDoS attack and would increase attack activity and the ransom request if they are ignored.
- Point-of-sale malware: Point-of-sale (POS) systems are targets for cyber criminals regardless of the adoption of the Europay, MasterCard and Visa (EMV) standard. There are a number of versions of POS malware, and it is suspected that duplicating EMV credit cards may be possible.
- ATM malware: ATM-specific malware threats are a reality. The malware Green Dispenser infects ATMs and allows criminals to extract large sums of money while avoiding detection. Reverse ATM has also evolved and the attacker uses a combination of compromised PoS terminals and money mules (people who transfer stolen money between different countries) to reverse a transaction after the money has been withdrawn physically or sent to another bank account.
- Credential-stealing malware: Credential-stealing malware targets banking customers. The malware Dridex has been very active in 2015 and received significant international law enforcement attention. Exploit kits, which offer a user-friendly way for attackers to affectvictims, are highly active withsome of the popular kits such as the Angler Exploit Kit having the ability to take advantage of new weaknesses or vulnerabilities quickly.
What Factors Contribute to the Vulnerability?
Now here are some weaknesses financial institutions need to be aware of.
- Implementing new technology without appropriate security: Unprotected medical devices, connected cars, CCTV cameras, toys and so on can become malicious bots.
- Unencrypted data: Improper encryption accounted for most of the data breaches in 2015. Stolen data is immediately accessible after being stolen.
- Unreliable outsourced solutions: When you obtain services from a third party, cyber security should be a priority.
- Unsecured mobile banking: Mobile banking is becoming more prevalent now. Simple security systems on mobile devices make them vulnerable and potential victims to hackers. Therefore, encryption must extend to the mobile space so that banks and their customers remain safe.
- Not being prepared for the ever changing and innovative forms of hacking: Organizations must stay alert to new modes of hacking. This will help identify any new development quickly and take necessary measures.
Experts say that the financial services sector will continue to experience cyber threats more frequently compared to other industries. Financial institutions must constantly work to develop better threat protection and risk mitigation measures even when using outsourced solutions. For this, the most important thing is to understand which malicious agents are likely to target them, why they do so, and what tools they will use to launch the attack. Another alternative is that companies and law enforcement could work together to identify and stop these attacks. This would help financial services to enhance their cyber situational awareness and make more informed decisions.