Saturday 23 May 2015

Targeted attacks against banks

Targeted attackers primarily focus on financial institutions, opting to follow the quickest way to access finances. Obviously, there is no point in attacking a special-purpose software developer’s website, as very few people will notice its unavailability during a couple of hours.
However, banks may dramatically suffer from targeted attacks. Such attacks are called pointed (or targeted) because a cyber criminal targets a victim (company or individual) beforehand, makes thorough preparations, and selects or develops sophisticated attack tools, thus making such attacks extremely efficient contrary to massive attacks.
There are several types of targeted attacks. The best known among them are distributed denial of service (DDoS) attacks. Common public belief is that they are the most widespread of targeted attacks but that belief is not accurate.
DDoS attacks are just more visible, since they address an enterprise information system (most often a corporate website or an intranet) in order to cause a denial of service: a situation in which authorised system users cannot access system resources (servers), or can access them only with great difficulty.
This type of attack is a real threat for banks that provide comprehensive Internet banking services (user account, online payments, etc.). It is immediately noticed when such a website is inaccessible or if its services are unavailable. The 2015 attack against the Finnish financial group OP-Pohjola is among the most noticeable attacks of this year.
The Helsinki-based Pohjola is the largest financial services group in Finland and has 4mn customers in a country whose population is just 5.4mn.
There are special DDoS protection tools that many major banks and financial institutions know about and employ on a mandatory basis.
Just like DDoS attacks are often targeted at banks, banking clients will most often suffer from a form of attack known as “phishing”.
Phishing is when online banking pages are substituted with false ones in order to retrieve clients’ confidential information (user account logins and passwords, account and credit card numbers, etc.), which is then used to gain access to their finances and transfer them to cybercriminals’ accounts.
In such cases, I would recommend that banking clients carefully check an online banking page’s address bar, and refrain from entering any personal data if the page address differs from the address the page usually displays. The same goes for when the “http” protocol is used instead of “https”.
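The two checks recommended above (usual address, https rather than http) written out as a small defender-side helper. This is an added example, not code from the article or from InfoWatch; the bank host `online.examplebank.test` is a constructed placeholder.

```python
from typing import List
from urllib.parse import urlsplit

EXPECTED_HOST = "online.examplebank.test"  # assumption: the bank's usual login host (constructed)

def check_banking_url(url: str, expected_host: str = EXPECTED_HOST) -> List[str]:
    """Return the reasons this address should NOT receive credentials.

    An empty list means the page is the bank's usual host and is served over https,
    which are the two checks the article asks clients to make.
    """
    problems = []
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")

    if scheme != "https":
        problems.append(f"scheme is '{scheme or 'missing'}', expected https")

    # urlsplit().hostname already discards any 'user:pass@' prefix; flag that trick,
    # since 'online.examplebank.test@evil.test' shows the bank's name first in the bar.
    if parts.username is not None:
        problems.append("address contains a user@ prefix in front of the real host")

    if host != expected_host:
        if host.endswith("." + expected_host):
            problems.append(f"host '{host}' is a subdomain, not the usual page")
        else:
            problems.append(f"host '{host}' differs from '{expected_host}'")
            brand = expected_host.split(".")[-2]   # 'examplebank'
            if brand in host:
                problems.append(f"host '{host}' imitates the bank name '{brand}'")
    return problems
```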
In addition, in order to gain unauthorised access to and steal client information such as user passwords and credit card data, cyber criminals often leverage social engineering techniques in order to deceive bank clients.
Social engineers and hackers exploit the very nature of human beings. Their attacks target individuals who lack experience in matters of information security. A social engineer knows almost everything about a victim and utilises this knowledge during the attack.
As an example, targeted social engineering may include an e-mail or SMS sent to the victim, allegedly on behalf of the bank’s client manager, containing the following text: “Dear Mr Anderson, Your Bank (author’s note: the client’s bank is identified in advance) is checking the security system. Please send your credentials (user login and password/credit card number and PIN) to this email address/SMS number.”
Unfortunately, there are no effective technical means to combat attacks powered by social engineering. A bank should give its clients insight into information security. Clients should be made fully aware that a bank would never request logins, passwords, card numbers, PINs, CVV/CVVC or other client confidential data, as such requests are prohibited by information security policies adopted by a vast majority of banks.
Sometimes, cyber criminals exploit web application vulnerabilities, and particularly remote banking vulnerabilities, in order to attack clients. Web applications often contain a universal word or code that enables an administrator to access data linked to the web application; hackers exploit web application vulnerabilities to obtain it and then use the information for personal benefit. This type of attack often hits users of gaming applications and websites.
However, there are special-purpose web application firewalls that are programmed with awareness of such application vulnerabilities and regularly check for and filter them out, thus being able to prevent cybercriminals from successfully exploiting them.
And finally, the most powerful targeted attacks against banks are those powered by special-purpose software. This is the most destructive and quick-spreading type of attack; InfoWatch possesses special software that ensures protection against it and thus detects targeted attack malware in almost every pilot project.
Among the most well-known attacks of this type are Stuxnet (Iran’s nuclear sites), ZeuS (theft of money from client accounts with European banks), and those attacks against RSA and Nortel, etc.
But how do cyber criminals perform targeted attacks against banks?
Once an organised team of hackers or cyber criminals accepts a request for a targeted attack against a specific bank, preparations start with the leveraging of design technology in order to develop sophisticated malware specifically tailored to infiltrate this specific bank’s security system.
It may be injected into a bank operator’s workstation in order to substitute accounts during wire transfers or to withhold small sums from them, with the amount being credited to third party accounts. Such a theft often goes unnoticed because clients may believe it to be a result of bank commission.
In addition, such malware can be injected into the bank’s processing system, which is very difficult to perform because banks’ processing servers employ very strong protection measures, but when successful, hackers can gain full access to all the bank’s transactions!
Targeted attack malware can bypass standard information security means such as anti-viruses, firewalls and others, so special-purpose security systems were developed to prevent targeted attacks.
First, these can be software products, such as InfoWatch software, that dynamically scan the enterprise information systems at regular intervals for abnormalities (changes unknown before). If such abnormalities are detected, InfoWatch security systems send the relevant data to a special-purpose expert cloud, where further analysis and evaluation shows whether the abnormalities relate to a Trojan or other such malware.
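The "changes unknown before" idea in its simplest form, as an added example (not InfoWatch's product code): a known-good baseline of file hashes is recorded once, and each later scan reports only what has appeared, changed or vanished since, which is the material that would be handed on for further analysis. The workstation layout in `demo()` is constructed.

```python
import hashlib
import json
import os
import tempfile

def snapshot(root: str) -> dict:
    """Map each file under root (path relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return result

def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Report only what differs from the known-good baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def scan(root: str, baseline_file: str) -> dict:
    """First run records the baseline; later runs return only the abnormalities."""
    current = snapshot(root)
    if not os.path.exists(baseline_file):          # nothing known yet: record it
        with open(baseline_file, "w") as fh:
            json.dump(current, fh, indent=2, sort_keys=True)
        return diff_snapshots(current, current)
    with open(baseline_file) as fh:
        return diff_snapshots(json.load(fh), current)

def _write(path: str, data: bytes) -> None:
    with open(path, "wb") as fh:
        fh.write(data)

def demo() -> dict:
    """Constructed scenario (not real data): a clean workstation, then three unauthorised changes."""
    work = tempfile.mkdtemp()
    root = os.path.join(work, "bank-workstation")
    os.makedirs(os.path.join(root, "bin"))
    _write(os.path.join(root, "bin", "transfer.exe"), b"legit v1")
    _write(os.path.join(root, "config.ini"), b"host=core")
    baseline_file = os.path.join(work, "baseline.json")  # kept outside the scanned tree
    scan(root, baseline_file)                             # first run records the baseline
    _write(os.path.join(root, "bin", "transfer.exe"), b"legit v1 + injected code")  # modified
    _write(os.path.join(root, "bin", "helper.dll"), b"unknown")                     # added
    os.remove(os.path.join(root, "config.ini"))                                     # removed
    return scan(root, baseline_file)
```

Keeping the baseline file outside the scanned tree (or on read-only media) matters: a baseline that the malware can rewrite detects nothing.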
Secondly, some security software and hardware systems emulate the enterprise information system, redirect all the traffic thereto, and analyse such traffic for malware. However, some malware can recognise the emulated environment and run smoothly within it.
The third approach to protecting from targeted attacks is so called “debris analysis” when a consulting team analyses the incident, used malware, scenarios, etc. so that the company could secure itself from similar threats in the future.
According to international analyst firms, enterprise infrastructures faced more malware-based targeted attacks than DDoS attacks in 2014. This is because the costs of both attacks are the same, while malicious code targeted attacks are much more effective and profitable.
Thus, financial organisations have become the number one target, the one from which cyber criminals can expect maximum profit.
This is not a threat of tomorrow, but that of today, and the time for the cyber battle has already come.

♦ Vsevolod Ivanov is Deputy CEO at InfoWatch, which is focused on developing and providing technologies and services dedicated to data loss prevention & protection, intellectual property protection, customer experience and reputation management, as well as risk management and compliance solutions.

View the original content and more from this author here: http://ift.tt/1dr1cYC



from cyber security caucus http://ift.tt/1HCdxD8