By Nate Christoffels   /   Sep 13th, 2016

Cyber-Solutions for Financial Institutions

SWIFT Breach:
Bangladesh
In February 2016, Bangladesh Bank was in the news after a major, sophisticated attack carried out by a group of ruthless hackers. The attack consisted of at least 35 SWIFT payment instructions supposedly sent by Bangladesh Bank to the Federal Reserve Bank of New York. More than $100 million was cleared, although, luckily, not all of the payment instructions were approved, due to missing information. (The Wall Street Journal)

The elaborate plan included exploitation tools capable of stealing credentials by monitoring keystrokes. Those credentials were later used to carry out the attack and proceed with the theft of the money.

On Tuesday, August 30, SWIFT – the Society for Worldwide Interbank Financial Telecommunication – whose member banks communicate on a “reliable” and closed computer network, reported the occurrence of several cyber-theft attempts to its member banks starting in June. Allegedly, some of these attacks proved successful and caused “customers’ environments” to be compromised, as reported by Reuters.

Financial Institutions and Cybersecurity:
Security vulnerabilities in financial institutions' procedures were identified as the cause of compromise for the targeted banks.

SWIFT understands that these attacks are likely to continue and increase in sophistication, which is why it is now urging its members to evaluate their security measures and implement better ones if necessary. Unfortunately, financial institutions are an extremely appealing target, and hackers are exploiting weaknesses to maximize the damage.

As it has become clear that attacks against financial institutions are on the rise, and that hackers are designing more and more advanced attacks, there is a need for financial institutions to step up and improve their cybersecurity posture at all levels.

What are Cyber-Solutions for Financial Institutions in Order to Improve Their Security Posture?
At LMG, we believe that it is not a matter of if your organization will be attacked, but it is a matter of when. For this reason, it is fundamental to take all of the necessary measures to reduce the risk, as well as have a structured recovery plan for eventual attacks.

Dan Featherman, a Senior Security Consultant with LMG Security, has actively spoken about the necessity for financial institutions to take cybersecurity issues seriously. Here are some questions he answered for us:

 

What do you think are the top three cyber-risks that banks are facing right now?

“There are several cyber risks that I believe are important and that financial institutions should pay attention to.

The first, and maybe most obvious, is credential theft. Malicious actors can use numerous tactics to steal credentials, but simpler strategies work as well: key logging (the use of a software program or physical device to record keystrokes and thus facilitate credential theft), phishing attempts, and other types of social engineering activities (in which the malicious actor pretends to be a trustworthy entity to extract information). These activities can have a profound impact on financial institutions, as they can lead to the compromise of privileged accounts.

The second risk, which is sometimes overlooked, is the fact that many companies continue to support legacy systems in some capacity. These proprietary and obsolete systems may not be updatable, resulting in substantial gaps in security. Oftentimes obsolete, or end-of-life, systems exhibit highly exploitable vulnerabilities.

The third area of risk that financial institutions should be aware of is their dependency on subcontractors and managed service providers. Sometimes these providers are not as security conscious as they should be, which introduces inherent risks for the companies utilizing their services.”

What do you think is the best way financial institutions can prepare for cyber attacks against their companies?

“I believe effective monitoring and alerting is key. Financial institutions need to be on top of security at all times. There should be a two-headed approach to monitoring and alerting, not simply the implementation of technical controls. The first component in this strategy is being able to identify malicious, or anomalous, activities. The second component is having well-trained staff who are able to respond to those activities and alerts in a timely manner.

In addition, mature vulnerability lifecycle and patch management processes should exist. These processes should include scanning for vulnerabilities, remediating identified vulnerabilities, ensuring patches are applied regularly and consistently, and appropriate actions are taken should additional issues be identified. It’s also very important that responsibility be assigned for every part of this process.”

As usual, for any questions or comments, email us at [email protected]

About the Author

Nate Christoffels

Nate Christoffels is the Sales Team Manager at LMG Security.
