Financial institutions and Cybercrime: It’s only just begun

Written by FinTech Futures
28th July 2014

Alex Raistrick is VP Western Europe at Palo Alto Networks

A recent bout of high profile cyber-attacks on financial institutions across the UK, US and Canada has put the spotlight back on the importance of data security and the need to be diligent when it comes to cybersecurity within the banking industry, writes Alex Raistrick.

Over the last few weeks GOZeuS and Cryptolocker malware has enabled cyber criminals to attack banks and steal hundreds of millions of pounds by accessing bank login credentials. This has been just one of many attacks in the on-going battle between banking systems and the Cryptolocker malware family.

The UK National Crime Agency even issued a warning about GoZeuS and Cryptolocker malware and a similar alert was raised in the US by the US-Cert. It may now only be a matter of time before these attacks start targeting banking institutions across Europe.

GameOver Zeus is a bank credential-stealing malware first identified in 2011 that has plagued the banking industry since then. It’s often used by cybercriminals to target Windows based personal computers and web servers as well as carry out command-control attacks.

Like many malware families today, Zeus and Cryptolocker use various Domain Generation Algorithms to reach out to their command and control servers via DNS to establish contact and receive instructions. There are up to 1,000 domains per day that these families target.

As part of the proactive takedown initiated by the FBI in 2014, cybersecurity firms received intelligence that included about 250,000 URLs that P2PZeus and Cryptolocker will reach out to for the next 3 years. Malware attacks are evolving in sophistication which means that financial institutions in the UK and Europe need to re-examine the security protocols they have in place to protect their data and customers against potential attacks.

Financial institutions will always be a prime target for cybercriminals due the large amounts of money that can be acquired upon infiltration. Data breaches against Standard Chartered customer data and phishing websites designed to steal PINs and One-Time-Passwords from POSB customers make the job of banks protecting themselves harder, but there is a lot that can be done for financial organisations to prepare for such attacks.

One way is for businesses to be proactive when it comes to the growing dilemma between controlling IT costs versus the imperative to tighten security. This is especially important around technology initiatives such as mobile computing. Many financial organisations are in the process of retiring their Blackberry devices that were provided years ago to employees with the goal to improve work flexibility and productivity. Old devices are now replaced by a full BYOD model with employees allowed to use their chosen devices to connect to their enterprise network. Therefore, it’s important that IT departments deploy solutions that will force all traffic coming from mobile devices to go through security checks.

Another key step is for organisations to make sure they use IPS signatures to prevent vulnerabilities from being exploited by client-side attacks that could drop Zeus or Cryptolocker. Companies can consider inline blocking with a strict IPS policy as well as using a drive-by download that would drop the malware on the system and prevent vulnerability.

Businesses can easily help protect their networks by controlling the software update process. Malware authors prey on social engineering tactics to convince employees to install fake Reader, Flash and Java updates – but these can be part of the infection vector. It’s important that companies recommend that employees do not install Adobe Reader, Flash and Java updates from unofficial sources if these pop-up. Businesses can play it safe by having all their update installs controlled by the IT group or to explicitly direct users to visit the official software vendor website for updates.

Focusing on better network segmentation is also a key way to reduce the risk of being compromised. Many threats come from the inside of an organisation, which makes any security strategy based primarily on perimeter protection almost void. Network segmentation helps to block attacks trying to spread from one area of the network to another. Next-generation firewall will also directly contribute to a stronger overall security platform, starting with the endpoint and detecting attacks there as well as detecting when threats are attempting lateral moves within networks.

Sharing threat information is also a great way for enterprises to learn additional way to protect themselves. Many cybercriminals operate within communities so it’s important that enterprises share threat intelligence more systematically and create a stronger sense of community against cyber criminals.

While the threat landscape across the European region and the world continues to evolve and change, financial institutions must remember they have a responsibility to protect their customers, making it imperative for organisations and their employees to understand the vulnerabilities that exist in the network. It’s vital that enterprises, governments and standard organisations collaborate and leverage expertise in order to adapt and overcome the evolving sophisticated security threats that the finance sector continually faces.