Damaging exposure by WikiLeaks puts CIA’s cyber tools in hackers’ hands

Criminals use leaked techniques to exploit financial systems at small banks, credit unions


When WikiLeaks released details about the CIA’s arsenal of hacking tools last month, it was like Christmas arrived early for hackers who specialize in cracking into the business networks of financial services companies.

Mandiant, the forensics division of malware detection vendor FireEye, affirmed as much in its M-Trends 2017 report, issued shortly thereafter. The Mandiant report disclosed how cyber criminals have quickly embraced CIA-type tools to juice up their banking system attacks.

I spoke to Bob Thibodeaux, chief information security officer at Seattle-based DefenseStorm, about this. DefenseStorm provides a security service for community banks and credit unions that monitors network traffic—specifically event log data—for malicious activities.


“What we are seeing with the leak of the CIA’s attack tools are that cyber criminal elements are actually taking advantage of the knowledge of those tools for their attacks,” Thibodeaux told me. “We are seeing them actually using the kinds of tactics that the government actors are using to exploit financial firms, specifically.”

These cutting-edge attacks are showing up in banking systems in southeast Asia, according to Mandiant. But it may be only a matter of time before the use of similar tactics, leveraging the CIA leak, spreads to banks in other regions.


“The attackers are using tools that Windows system administrators would use to actually stay on the network, monitor traffic, figure out how the banking process works, and then steal tens to hundreds to millions of dollars,” Thibodeaux says.

Community banks and credit unions in the United States are likely to be targeted because they are less well-defended than the big multinational banks.

It is all too typical for a small bank or credit union to rely on basic network defense systems, even though malicious probes and communications with criminal command-and-control servers are nonstop.

Unfortunately, it’s not going to get any easier for smaller banks and credit unions to play catch-up, much less neutralize cyber attacks over the longer term—without help, Thibodeaux says.

“One of the reasons why we entered into this business is we want to help these smaller financial institutions protect themselves,” he says. “We know that budget is very tight and smaller organizations don’t have a lot of IT staff. So we can help them, we can do the staff augmentation and be the experts for them.”
