Cyber robbers want cold, hard cash—and they’re finding it at small banks, credit unions
Under constant, though unpublicized, attack, financial institutions find some relief by turning to managed security services
By Byron Acohido, ThirdCertainty
Bankers abhor any public airing of details of network breaches, or worse, successful cyber robberies.
Hard metrics are not available, due to the closed nature of the financial services sector. But make no mistake, the financial services sector remains under relentless cyber attack.
In the 13 years I’ve been writing about cybersecurity, there has never been any shortage of matter-of-fact discussions in the cybersecurity and law enforcement communities about the intense, ongoing probing of banking systems globally.
I took this up with Brian Soldato, NSS Labs’ senior product management director, when we sat down for a chat at RSA 2017. And he confirmed that surveillance gathering and network breach attempts against financial services firms occurs 24/7/365.
Banks of all sizes targeted
The biggest multinational banks, as well as the tens of thousands of community banks and credit union type of institutions in the United States and across the globe are being targeted, Soldato says.
NSS Labs is in a position to know. One of the main services the Austin, Texas-based security consultancy provides is its Cyber Advanced Warning System, or CAWS, a sophisticated radar for cyber threats used by large enterprises to monitor the ebb and flow of malicious attacks moving across the internet.
Once in a while, detailed information surfaces about what a cutting-edge financial sector attack looks like. That happened this week at Kaspersky Lab’s annual Security Analyst Summit, an exclusive, invitation-only event, held this year at a glitzy resort on the Caribbean island nation St. Maarten.
Related infographic: Attackers hit big and small financial firms
Kaspersky researchers disclosed how for five hours one day last October, a hacking ring grabbed complete control over all major operations of a multinational bank. The bank was not named, except to say that it has $25 billion in assets, 5 million customers, and 500 branches in Brazil, Argentina, the United States, and the Cayman Islands.
The cyber thieves—believed to be part of a Brazilian crime ring—toiled for five months in preparation to set up this five-hour coup d’état. They succeeded in intercepting the bank’s entire online banking, mobile, point-of-sale, ATM and investment transactions.
Thieves, good guys play cat and mouse
This disclosure resoundingly affirmed what Soldato and I discussed. “The gaps are still out there,” he told me. “It’s much more difficult to stay ahead of these threats today, as compared to a few years ago, because they’re constantly evolving.”
While big multinationals represent the biggest paydays, and thus attract the most sophisticated attacks, community banks and credit unions are attractive to criminals for another reason: they tend to be less well-defended.
Thus local banks and credit unions have become the proving grounds for less experienced cyber robbers who show initiative by making good use of older generation—but still very effective—hacking tools and techniques, Soldato says.
Here are a few other takeaways about the exposure faced by financial sector SMBs, namely community banks and credit unions:
• Seeking help from MSSPs. It’s typical for a small bank to rely on basic network defense systems, when what’s needed is round-the-clock analysis of every bit of traffic hitting the institution’s network. Malicious probes and communications with criminal command-and-control servers are nonstop. Understanding and being able to detect malicious traffic is key. To address this, small institutions are increasingly turning to a managed security service provider to supply this expertise.
• ATMs exposed. Kaspersky researchers this week also disclosed details about how attackers were able to compromise a bank’s network in such a fashion so as to be able to remotely command ATMs to disgorge cash. It may be just a matter of time before this tactic catches on with smaller U.S. banks and credit unions, many of whom operate ATMs using the ancient Windows XP operating system, which Microsoft no longer supports. “It’s very easy for an attacker to buy a generic vulnerability off the Internet and target that credit union or those community banks with it,” Soldato says.
• Ransomware risk. Ransomware attacks directed at the financial services sector more than tripled in 2016 vs. 2015, mostly against smaller institutions. Besides failing to adequately defend against this virulent form of cyber extortion, many smaller banks and credit unions don’t have nimble backup and disaster recovery routines in place. “It’s very common for them to end up having to pay the ransom because it’s actually faster for them to get back online by paying than it is for them to try to recover their systems,” Soldato says.
There are 6,000-plus community banks and nearly 7,000 credit unions in the United States. Those under the most pressure to beef up defenses against cyber robbers are the ones with $50 million or less in annual revenue, Soldato says.
Soldato told me he expects smaller institutions to increasingly turn to managed services providers for help. To hear more, listen to the accompanying podcast.
More stories related to hackers’ hits on financial systems:
At new eATMs, customers can get cash without a card—and so can hackers
Small banks, credit unions on front lines of cybersecurity war
Small banks and credit unions increasingly under cyber attack