7


CYBER SECURITY


Building a new immune system for the internet


The tenth annual Verizon Data Breach Report makes for worrying reading. While there are no traditional bank robbers in the report, it lists dozens of new cyber-criminal subsets and external parties the financial sector is fighting, with no end to the struggle ahead


Senior Editor Bill Boyle


T


he well-respected annual Verizon report for 2017 makes the point that the financial services umbrella comprises many subsectors and not all share similarities in threat


sector tactics. For instance, having to worry about dudes in hoodies and track suits installing skimmers and cameras on ATMs is a commercial bank or credit-union reality, but not a worry for insurers or investment bankers. Ensuring that you know who your likely attackers are and where they are likely to come from is now an essential cyber security skill as the sheer level of threats escalates.


A bit about botnets


Botnets continue to be a powerful weapon built and utilised (either by renting out or direct use) by organised criminal groups for financial gain. One type of zombie herd that is leveraged in attacks against banking institutions is DoS botnets, which use strength in numbers to spew unwanted traffic at their victims’ infrastructure. These gained national attention in 2012 with ideology-driven attacks against US banks. Another threat worthy of note is consumer devices infected with banking Trojans. Banking Trojans are not new on the cyber crime scene but are still omnipresent and ever evolving. The difficulty for banking institutions is that many of the nefarious acts or, in Verizon terminology, “Threat Actions” are their customers, not internally managed devices.


Phil Lieberman: The elephant in the room is poor network design


In July 2016, the National Institute of Standards and Technology listed malicious code on mobile endpoints designed to capture second factors delivered via SMS, as reasons for recommending moving away from texting codes as a second authentication factor. They were not


suggesting that using two-factor authentication via SMS is akin to building a house of flammable sticks, but it is a window into the thinking of the adversary. When faced with defeating multi-factor authentication the bad guys will pragmatically try to devise a way to capture both factors for re-use.


Laurance Dine, Verizon’s managing principal of investigative response, EMEA, told IBS Journal that: “Real-time threat intelligence is very important in stopping breaches from happening. But this is rare and only affordable by the largest organisations. The biggest problem for organisations in the present changing landscape is identifying what type of device or person they are dealing with at the authentication level. To some organisations, it is now so important they have their threat- intelligence teams.” That is a quick evolution for a subset of the cyber crime arsenal which is only a few years old.


The bad guys are drawing ahead of us


The banks have had to face some uncomfortable truths in the harsh reality of technological advances which, for the first time, are starting to leave them behind. In the early 1980s, it would have been unheard of for any bank not to have the very latest server, desktop and back-office technology. Now they are having to find other ways of staying ahead of the Tsunami of State attacks, hack attacks, web attacks fraud and cyber espionage as they downsize and outsource IT departments and prepare for the ultimate test of their security – the cloud.


Ironically the strategy most banks are developing and have found works well is the old-fashioned partnership. We know Barclays and HSBC in the UK have partnerships to fight cyber crime and it shows the breadth of threat if such old competitors are prepared to break bread with each other over key tactics as how to repel cyber attacks.


www.ibsintelligence.com | © IBS Intelligence 2017


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11