Small banks and credit unions increasingly under cyber attack
Ransomware, spear phishing intensify as criminals probe weak defenses
By Byron Acohido, ThirdCertainty
By now, every one of the 6,000-plus community banks and nearly 7,000 credit unions in the United States should be well aware of the risk of being targeted for a cyber attack by well-funded, determined criminals.
Being aware is one thing. Appropriately mitigating this rising risk is quite another. And there remains a big opportunity to help small financial institutions do much better at defending themselves.
Recognizing this, Jeff Lunsford, a naval aviator-turned-tech-investor, and Edgardo Nazario, a Yale graduate and former product management vice president at Limelight Networks, launched Seattle-based tech security startup Praesidio in early 2014.
Company name change: On June 2, 2016, Praesidio announced a new company name: DefenseStorm.
Nazario is Praesidio’s CEO and Lunsford is the company chairman. The company’s core technology is called Guardian. It is a cloud service intended to be added to the stack of security services the bank or credit union already has in place.
Guardian is designed to serve as a cloud-based Security Operations Center, and function as a force multiplier enabling smaller financial firms, with limited resources, to leverage shared intelligence and have security experts at their disposal without having to recruit and hire in-house experts.
ThirdCertainty recently sat down with Praesidio CTO Sean Cassidy to discuss what this tech security start-up is seeing on the front lines at smaller financial institutions. This text has been edited for clarity and length.
3C: So what attack patterns are you seeing?
Cassidy: We’re seeing a lot of attacks on networks that have less monitoring and fewer defenses. We’re seeing a lot of ransomware, where somebody downloads something they shouldn’t, it gets on the bank’s network, and it encrypts all of the files and all of the backups.
A lot of the smaller financial institutions don’t have endpoint-level protection, so ransomware has become like a plague. It’s spreading everywhere, and it’s getting very sophisticated. And it’s getting very expensive, in the tens of thousands of dollars, to decrypt files.
3C: How troublesome can it be if you get hit by ransomware?
Cassidy: Very troublesome. If the bank doesn’t have a good backup strategy, this can be devastating. You have to pay the ransom to get your files back. And the attackers are getting better at evading simple detection. It used to be when you saw a bunch of files change at once (being encrypted by the attacker), then you’d know that’s a ransomware attack. Now we’re seeing encryption slowly trickle in over weeks or months.
3C: What about spear phishing?
Cassidy: We’re seeing a huge spike in very sophisticated spear phishing, where they actually target known bank employees. The attackers look them up on social media, they might even try to get a home address for them from public voting records. And then they might use the fact that you were just promoted, and say, ‘Hey, great job on the promotion, could you just review this press release for me?’ They’ll make it look like it’s coming from marketing. So the press release looks good, but the Word document is actually infected.
3C: Why are smaller financial institutions being targeted?
Cassidy: Attackers are now attacking smaller banks and credit unions because their defenses are slightly weaker. Once inside, they can pivot to the bank’s larger partners, either other bigger banks, or to vendors that they’re directly connected to.
3C: What does Praesidio bring to the table?
Cassidy: When a bank buys our product, they send all of their security data to our cloud service, and we use advanced anomaly detection and threat intelligence to detect when there are suspicious actors on their network and then inform them about it.
3C: How do you sell this to a bank president who thought somebody was already doing this?
Cassidy: Traditional solutions really just monitor your firewall and your external gates, but that’s not enough. You need to monitor your internal network traffic, as well. We’ve seen a lot of attackers that pivot within the network. And from the outside, it doesn’t look like anything really bad is happening. So we have internal network sensors monitoring all endpoints. We take all those logs and data up to our cloud service to be analyzed.