With all the cyber threats that exist today, banks are more vulnerable than ever to becoming the next victim of a malicious cyberattack. With the growing list of fintech solutions offered in banking and the most recent Cloud Hopper investigation released by WSJ, 2019 was an early indicator of cyberthreats still to come in the year ahead.
According to a new report released by the Federal Reserve Bank of New York, just a single cyberattack targeting one of the biggest U.S. banks would likely have a major ripple effect on the global financial system. Today there is a rising awareness of the cyber risks involved in a growing fintech sector driven by technological innovation.
With all this in mind, here are the top five cyber risks every financial institution should be prepared to defend against in 2020.
Credential stuffing is a type of cyberattack that usually targets the personal data of banking customers. Using stolen account credentials, hackers can gain unauthorized access to user accounts using automated large-scale login requests. The stolen information can then be used to bombard websites and servers in order to try to gain access to critical IT infrastructure. This practice is known as credential stuffing.
Lists of keys and logins are often obtained via the dark web, which saves hackers a lot of time by avoiding the need to play the password-guessing game.
“There is an automated process where the hacker can log thousands to millions of breached passwords and usernames using standard web automation tools,” says Brian Brannon, VP of security product strategy for Safe Systems, an IT security firm that works with community and small banks.
Credential stuffing differs from a brute force attack in that, in a credential stuffing operation, attackers often use usernames and passwords that are known to have worked at some point or another. For banks, credential stuffing is an emerging and credible threat that will only get worse as the number of data breaches increases in the years ahead.
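The difference between the two attack shapes shows up in authentication logs. The sketch below is an added example, not code from the original article or from any vendor it mentions: it labels each source address by how its login attempts are spread across accounts and lists the accounts that logged in successfully from a flagged source. The event format, the thresholds, and the function name are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, outcome). Not real data.
EVENTS = (
    [("203.0.113.7", f"user{i:03d}", "fail") for i in range(40)]
    + [("203.0.113.7", "user017", "ok")]                 # one reused password works
    + [("198.51.100.9", "alice", "fail")] * 30           # many guesses, one account
    + [("192.0.2.44", "bob", "fail"), ("192.0.2.44", "bob", "ok")]  # typo, then login
)

def classify_sources(events, min_attempts=20, spread_ratio=0.8):
    """Label each source IP by the shape of its login attempts.

    Thresholds are illustrative assumptions, to be tuned per environment.
    """
    attempts = defaultdict(int)
    users = defaultdict(set)
    hits = defaultdict(set)
    for ip, user, outcome in events:
        attempts[ip] += 1
        users[ip].add(user)
        if outcome == "ok":
            hits[ip].add(user)

    report = {}
    for ip, total in attempts.items():
        distinct = len(users[ip])
        if total < min_attempts:
            label = "normal"
        elif distinct / total >= spread_ratio:
            # About one attempt per account: replayed credential pairs.
            label = "credential_stuffing"
        elif distinct <= 3:
            # Many attempts against a few accounts: password guessing.
            label = "brute_force"
        else:
            label = "suspicious"
        report[ip] = {"label": label, "attempts": total,
                      "distinct_users": distinct,
                      "accounts_to_reset": sorted(hits[ip]) if label != "normal" else []}
    return report

if __name__ == "__main__":
    for ip, row in classify_sources(EVENTS).items():
        print(ip, row)
```

Per-account lockout counters alone miss the first pattern, since each account sees only one or two failures; grouping by source (or by device fingerprint, where attackers rotate addresses) is what exposes it.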
Cloud services come in very useful by helping banks offset IT expenses, boost system uptime and ensure their data is being stored safely. But the promises of the cloud have come with a few hard-earned lessons when it comes to customer data and security.
With so much information stored on the cloud, particularly for the use of public services, cloud providers have become easy targets for malicious attackers looking to gain access to financial institutions. To get a clearer picture of the problem, consider that over 1.4 billion records were lost to data breaches in March 2017 alone – many of which involved cloud servers.
With the Wall Street Journal’s recent release of their investigation into the global hacking campaign known only as ‘Cloud Hopper,’ the true depth of the risks associated with compromised cloud data couldn’t be more evident, or alarming.
For the Cloud Hopper attack, hackers known as APT10 gained access to cloud service providers, where companies believed their data was being safely stored and protected. Once in, the hackers freely and anonymously hopped from client to client, evading investigators’ attempts to eliminate them for years.
According to WSJ, the attack went far beyond the 14 companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc., Tieto Oyj, and International Business Machines Corp.
To make things worse, investigators said many major cloud companies stonewalled clients as to what was happening inside their networks. Contrary to what many bank executives might think, the sole responsibility for protecting corporate data in the cloud lies with the cloud customer, not the service provider. Hence, no cloud provider is legally or contractually obligated to ensure the safety of customer data – as much as they may promise to do so.
Phishing is a common type of cyberattack that’s often used to steal user data, including login credentials and credit card numbers. But lately, there’s been an increase in phishing attacks targeting bank employees. Phishing occurs when an attacker tricks an unsuspecting victim into opening a malicious link, leading to an installation of malware which then freezes the system as part of a ransomware attack.
An attack can have devastating results on a business – especially a financial institution like a bank. Phishing can be used to gain a foothold in a network as a part of a larger attack like an advanced persistent threat (APT) event. In this scenario, an employee is compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
With access to an employee’s email account, cybercriminals can read a bank’s sensitive information, send emails on the bank’s behalf, hack into the employee’s bank accounts, and gain access to internal documents and customer financial information. This can result in millions of dollars worth of damage in both financial and reputational risks for the institution and its employees.
Ransomware is a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee. In March 2017, the WannaCry virus spread independently through the networks of unpatched Microsoft Windows devices, leaving thousands of computers infected and making off with a total of 327 payments totaling $130,700.
Although ransomware costs businesses more than $75 billion per year in damages (Datto), it remains one of the most common forms of cyberattack. Banks remain top targets for ransomware attacks, as cybercriminals follow the money for big payoffs. According to a Kaspersky Labs report, cybersecurity statistics show attacks were launched from within more than 190 countries, with financial services the second most targeted industry after healthcare.
Successful ransomware attacks, especially on smaller banks, are the result of a lack of IT resources, outdated security tech and protocols, and inadequate endpoint cyber-protection. To help protect themselves against ransomware, financial institutions should place many uniquely-tailored protection layers throughout their networks – each one acting as an obstacle to block malicious software attacks.
Internet of Things (IoT) Exploitation
While a majority of exploitation attempts stem from software vulnerabilities, they can just as easily begin from vulnerable pieces of hardware. Anything from an employee device to a router connected to an unsecured network can put an entire organization’s digital infrastructure at risk.
For many CISOs, this may sound like preaching to the choir – but unbeknownst to many is how easily exploitable their IoT devices are, since they’re often not required to have the same level of security scrutiny as computers. Unsecured IoT devices such as home routers, printers, and IP cameras are all vulnerable to attack.
As institutions continue to connect more gadgetry to the internet, the number of potential security weaknesses on their networks is also likely to increase. To breach a financial institution, attackers will target insecure devices to create a pathway to other systems. Once they have an entryway from an IoT device, they have full access to the entire network, including all customer data.
Today’s hackers also have the unfavorable ability to easily exploit a bank’s API system since many legacy APIs weren’t designed with the cloud in mind. This leaves many systems vulnerable from the get-go – and open banking has just been making the problem worse.
What Banks Can Do
If after reading this article, you’re starting to doubt the security of your organization’s IT structure, know you’re not alone. Here are just a few methods you can adopt in order to create a more safe and secure digital landscape and defend against potential cyberthreats.
Assess Your Cloud Security
Regularly review your cloud infrastructure to ensure it’s up to date. Assess your cloud security’s current state compared to security benchmarks, best practices and compliance standards.
Monitor Your Cloud Security
Use a vulnerability management tool to help you automate threat detection and protect against potential threats before they become a problem.
Establish Strict Access Management Policies
By only providing access permissions to employees who require it, you’re ensuring your organization is well-protected from within – especially if you employ contractors or part-time workers.
Establish a Disaster Recovery Plan
Having a plan in place helps you avoid data loss and allows you to minimize downtime after a disruption. This only works if you back up your data regularly and often.
Encrypt Your Data
Encrypting your data cryptographically, and protecting the cryptographic keys to that kingdom, ensures your most sensitive digital assets are always protected – even if your IT structure is critically compromised.