Catching the Big Phish: What Are the Security Risks Facing Financial Organisations?

With this week being London Technology Week, it seems an appropriate time to raise awareness of these threats so that everyone can use technology with a much lower risk of becoming a victim of cybercrime.
|

Cybersecurity threats are constantly on the rise and now have the potential to affect each and every one of us. This year so far, we have seen some hard hitting Internet security threats aimed at governments, consumers, businesses and financial organisations; and it's vital that people from all walks of life recognise the risks of cyber-threats and take steps to combat them.

With this week being London Technology Week, it seems an appropriate time to raise awareness of these threats so that everyone can use technology with a much lower risk of becoming a victim of cybercrime. My keynote speech at Innovate Finance's cybersecurity event discussed the changing malware landscape and notably the boom of e-commerce and how this has encouraged new cyber-threats.

A perfect, albeit shocking, example of such a threat was revealed by Kaspersky Lab in February of this year - Carbanak, or as the media dubbed it, 'the great bank robbery'. Banks are, of course, institutions that many people believe are immune from cyber-threats. The research into this campaign began when a Ukrainian bank noticed that money was being dispensed 'at random' from cash machines. This initial enquiry soon extended way beyond this particular bank: it became apparent that up to 100 financial institutions worldwide had been hit by the same cybercrime gang since August 2013, with the total loss amounting to up to $1billion.

The attacks begin with spear-phishing e-mails sent to bank employees, with infected attachments. This gives the hackers their foothold in the bank, from which they are able to collect data and steal money by mimicking the day-to-day activities of legitimate bank staff. Once inside the system, hackers are able to move around the system until they find their points of interest - staff and processes that allow them to extract money from the infected system. The worrying thing is that this attack is still active.

Having tracked down administrators' computers, they are able monitor and even physically record everything the infected member of staff does while servicing cash transfer systems. This enables them to transfer money and cash out, either using online banking systems or by manipulating ATMs to dispense cash at pre-determined times when members of the gang are lurking nearby to collect the cash.

And it didn't stop there. Next came the announcement of a targeted attack campaign dubbed 'Equation Group' which specifically used a technique known as 'interdiction', intercepting physical goods and replacing them with Trojanised versions. For example, participants attending a scientific conference in Houston were later sent a CD containing the conference materials: this CD was used to install one of the group's malicious implants on the victim's computer. The group has infected thousands (possibly tens of thousands) of victims in more than 30 countries around the globe.

There was also the discovery of what is believed to be the first full-scale cyber-espionage campaign to be carried out by Arabic cyber-mercenaries. The group, known as Desert Falcons, has targeted multiple high-profile organisations in the Middle East (primarily Egypt, Palestine, Israel and Jordan) and elsewhere. In total, there have been 3,000 victims in over 50 countries across the globe - with over one million files stolen. And this was all announced in just one month!

One common thread running through these cyber-attacks, and many other, targeted campaigns is that individual employees are tricked into giving the attackers an initial foothold in the organisation they want to target. So, financial organisations, and any other business for that matter, need to ensure their employees are educated about cyberthreats as the first port of call to becoming cyber resilient!