Article

Rick McElroy
Rick McElroy 5 July 2018
Categories B2B, Research, Technology

Twenty-first Century bank heists – more ransomware than romance as cybercriminals go for the digital vault

There used to be a certain romance about a classic bank robbery - the outlandish plots, the intricate planning and the ingenious strategies (often involving digging tunnels) designed to get criminals into the vault and out with the cash. In the 21st century, though, the digital banking revolution means that instead of cracking the vault, cybercriminals are concentrating on cracking the network and moving laterally within it to get their hands on the goods.

This doesn’t make for such great movie plots but it does mean that banks are facing a far more relentless threat to their security systems. We talked to CISOs at leading financial institutions to find out how today’s would-be bank robbers are targeting the digital vault.

It’s no surprise that the financial sector is constantly under attack as criminals pursue financial gain directly, or via the theft and sale of valuable customer data. The number of material cyber incidents reported to the Financial Conduct Authority rose 80% in 2017 and that trend is only likely to continue. More specifically, what we found when talking to CISOs is that the threat has undergone considerable evolution in the past three years and the last six months have seen still greater innovation from cybercriminals as they adopt new techniques, tactics and procedures to thwart banks’ attempts to keep them at bay.

The invisible invasion – fileless attacks on the rise

Instead of leaving a gaping hole in the door of the vault, cybercriminals would rather banks didn’t know they’d got in at all. Fileless or non-malware attacks are increasing as actors “hide in plain sight” using legitimate tools, such as PowerShell and Windows Management instrumentation, to gain illegitimate access to networks and facilitate lateral movement without detection. 90% of the CISOs we talked to had seen PowerShell being used during an attempted attack on their network. This awareness is actually a good thing, because with 97% of Carbon Black customers suffering non-malware attacks in the last year, if our CISOs hadn’t spotted an attack of this kind it would simply have meant that the attacker had succeeded in getting in unseen.

Ransomware remains a tactic of choice for cybercriminals with 90% of financial institutions reporting that they were targeted by a ransomware attack in 2017. The commoditisation of ransomware, which now sees it offered on an “as-a-service” basis, and the lack of expertise needed to carry out attacks means that it has become the lowest common denominator of cybercriminal activity and with financial gain being the primary motivation of most cybercriminals, it’s not surprising that banks are a regular target.

Criminal masterminds are getting smarter

So far, so familiar, but a most interesting and concerning development uncovered by our survey was that a quarter of CISOs had experienced counter-incident responses when defending their networks. Attackers have realised that network defence is often based on simple indicators of compromise that launch an automated or manual incident response playbook. By going off-script after their initial attempt, they can find another way in while security teams think they have thwarted the original threat.  Tactics include mutating code, targeting security analysts and engineers in separate but coordinated attacks, deleting logs from endpoints to obscure their activities and launching DDoS attacks on critical defence systems. As attacks grow in sophistication, cyber security becomes a high stakes game of digital chess, where the attacker only has to be lucky once, but defenders need to get it right every time.

The weakest link – third party providers

It’s not just their own security banks need to consider. The security of third party technology service providers is becoming an increasing concern as attackers seek out the weakest link in the chain. They use suppliers’ privileged credentials with the banks’ networks as a stepping stone to gain access to their real target. 44% of CISOs at financial institutions said they’re concerned about this issue and as more incidents come to light the scale of the problem will be more clearly revealed.

To combat the twenty-first century thief, we need to remember that we’re talking about human assailants here. It’s logical that attacks will grow more sophisticated as attackers learn more about companies’ defences – the potential loot is well worth the effort of innovation. Security teams are locked in a cycle of reactivity which needs to be broken if they are to gain the upper hand. So far, only 37% of financial institutions say that they have established threat hunting teams which means that, far from keeping thieves out of the building, 63% are still having to wait until they hear them knocking on the door of the vault before they can act. With an average of 220 days between intrusion and detection a lot of digital gold can leave the building before anything is done about it!

By actively threat hunting, teams look for signs of abnormal activity on endpoints that could indicate compromise well before any alerts are generated. To quickly detect and respond to threats, suppress intrusion and prevent lateral movement, financial institutions need to collect and analyse endpoint data in near-real-time. By doing this they can build up a ‘sight picture’ of attacker behaviour relating to internal movement and external command and control channels. Once these anomalies have been detected and analysed they can be communicated to existing control mechanisms and action taken to disrupt and contain the attacker’s kill chain.

In the age of the digital heist a proactive threat hunting strategy is far more effective at stemming the network invasion, capable of evolving alongside the TTPs used by assailants and stopping their digital tunnelling towards the vault. It won’t make such a classic heist movie, but it will put a bit of star power in the hands of CISOs and security teams who really are the lead actors in the fight against cybercrime.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
Navigating the Future of Personalized Marketing with AI

Navigating the Future of Personalized Marketing with AI

In a world where seventy-one percent of consumers expect companies to deliver personalized interactions. And seventy-six percent get frustrated when this doesn’t happen. Personalization is no longer a luxury; it’s an...

Nick Watt
Nick Watt 21 September 2023
Read more
The Future of Ecommerce with the Metaverse

The Future of Ecommerce with the Metaverse

In a discussion on digital marketing and emerging trends, an aspiring digital marketer raised an intriguing question: "What does the future hold for e-commerce with the rise of the Metaverse?"

Mahboob Ali
Mahboob Ali 30 August 2023
Read more
The Sound of Success: Sonic Branding's Impact on Modern Marketing

The Sound of Success: Sonic Branding's Impact on Modern Marketing

Sonic branding, the practice of creating unique and memorable sounds to represent a brand, is emerging as a critical strategy in the modern marketing landscape. Whether it's a jingle that sticks in your mind or...

Domenique Comparetto
Domenique Comparetto 14 September 2023
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

Whether you're a startup or an established business, the company website is an essential element of your digital marketing strategy. The most effective sites are continually nurtured and developed in line with...

Digital Doughnut Contributor
Digital Doughnut Contributor 7 January 2020
Read more
Streaming Society: The Social Impact of Live Streaming in the Digital Age

Streaming Society: The Social Impact of Live Streaming in the Digital Age

This article delves into the social impact of livestreaming, analyzing its influence on communication patterns, community formation, celebrity culture, mental health, and economic opportunities.

Sim Johnsons
Sim Johnsons 1 September 2023
Read more