How the Finance Industry is Reacting to Hackers, Trojans, and Third Party Risk
The Finance Industry is having a difficult time when it comes to cybersecurity. Banking Trojans, malware, ransomware, and complicated hacker attacks have all been leveled at financial institutions, and the risk only seems to be increasing. Fortunately, information security and risk management are being taken more seriously by decision-makers and the industry as a whole. In this article, we’re going to look at some of the recent major security events in the financial industry and how the industry is responding.
Dridex Campaign Gets Worse, Verizon DBIR Shows Extent of Damage
Verizon’s Data Breach Investigations Report, released in early 2016, showed how much the financial industry suffered in data breaches. Despite coming in third in overall security incidents, it came in first in the number of incidents leading to a confirmed data loss, almost three times more than the second place industry.
One of the biggest culprits behind the majority of data loss incidents was the Dridex Trojan malware, so much so, Verizon notes, that it skewed a lot of the resulting reports. The malware resulted in a significant increase in the amount of phishing and social attacks, while also making up the majority of the attacks that took only minutes to compromise and exfiltrate.
Dridex takes advantage of static and reusable banking information to capture credentials or other sensitive information in order to commit fraud or steal money from infected financial institutions. While Dridex’s authors and a botnet were caught and taken down in October 2015, the attacks haven’t let up, and recent reports suggest the problem has actually gotten worse.
The Dridex malware has been detected as one of 6 variants that attacked Canada’s institutions and businesses earlier this July. Worse still, Dridex seems to have evolved to attack in different ways and deliver different payloads. A report from April analyzed Dridex’s infrastructure and found that it was stealing payment credit card data in addition to its previous targets. After a mysterious downtime, Dridex has recently been reported as being spread by Necurs, one of the largest botnets in the world.
The Bangladesh Bank Hack Turns Heads, Spurs SWIFT to Act
We’ve covered the Central Bank of Bangladesh Hack before. In short, hackers accessed the Central Bank of Bangladesh’s systems through insecure network routers and were able to install malware developed to steal credentials for SWIFT, the messaging network system used to communicate between financial institutions. The stolen credentials were then used to steal over $80M and then an extra $21M that was returned after the attack was detected and stopped.
However, that wasn’t the end of the story. Since then, multiple attacks have been linked to the same method of attack, and twelve banks contacted FireEye, the security firm hired by Bangladesh Bank, due to signs that they may have been hacked in the same manner as well.
SWIFT has maintained that they themselves have not been hacked and that it was poor security hygiene on the bank’s side that allowed the sensitive credentials to be stolen. Nevertheless, they have become more involved on the information security front, partnering with BAE Systems and Fox-IT to create a dedicated Customer Security Intelligence Team after having launched a customer security program ‘dedicated to strengthen the security of the global financial community against cyber threats’ and outlining five strategic areas for improving security.
The SEC Takes Note, The Finance Industry Reacts
Cybersecurity is becoming an increasingly important topic for the financial industry, as seen by the steps taken by institutions such as SWIFT. From a regulatory perspective, the Securities and Exchange Commission chair, Mary Jo White, has dubbed cybersecurity the financial industry’s biggest risk. Auditors are shifting their focus from financial organizations’ assets and resources to technology and security. And the focus on third party risk is increasing.
A Trustwave Global Security Report noted that 63% of security compromises involved a third party that introduced the security deficiencies that were exploited. The assessment of vendor security capabilities is also a challenge to information security efforts, according to the Global State of Information Security survey conducted by PwC, who also note that financial service spending on cybersecurity has grown 14%, but thefts of ‘hard’ intellectual property have increased by over 183%.
Financial institutions are reacting by adding a number of information security-related questions to third-party vendor RFPs, adopting risk-based security frameworks, utilizing cloud-based cybersecurity technologies for flexibility, and actively monitoring their vendors’ security.
However, the increased attention may not lead to specific action taken to reduce the cybersecurity risk the financial industry is exposed to. The financial industry still has a long way to go to make strides in assessing and mitigating the risk posed by hackers.
In order to better understand the financial industry, we analyzed the security posture of 7,000 financial institutions to determine the strongest and weakest security postures within the industry. Among the proprietary data we analyzed were specific security factor scores, compliance with common security standards such as PCI, SIG, and ISO, and detected malware events within an organization’s IP range.
We compiled our findings into the 2016 Financial Industry CyberSecurity Report.