Rick McElroy
Rick McElroy 5 July 2018
Categories B2B, Research, Technology

Twenty-first Century bank heists – more ransomware than romance as cybercriminals go for the digital vault

There used to be a certain romance about a classic bank robbery - the outlandish plots, the intricate planning and the ingenious strategies (often involving digging tunnels) designed to get criminals into the vault and out with the cash. In the 21st century, though, the digital banking revolution means that instead of cracking the vault, cybercriminals are concentrating on cracking the network and moving laterally within it to get their hands on the goods.

This doesn’t make for such great movie plots but it does mean that banks are facing a far more relentless threat to their security systems. We talked to CISOs at leading financial institutions to find out how today’s would-be bank robbers are targeting the digital vault.

It’s no surprise that the financial sector is constantly under attack as criminals pursue financial gain directly, or via the theft and sale of valuable customer data. The number of material cyber incidents reported to the Financial Conduct Authority rose 80% in 2017 and that trend is only likely to continue. More specifically, what we found when talking to CISOs is that the threat has undergone considerable evolution in the past three years and the last six months have seen still greater innovation from cybercriminals as they adopt new techniques, tactics and procedures to thwart banks’ attempts to keep them at bay.

The invisible invasion – fileless attacks on the rise

Instead of leaving a gaping hole in the door of the vault, cybercriminals would rather banks didn’t know they’d got in at all. Fileless or non-malware attacks are increasing as actors “hide in plain sight” using legitimate tools, such as PowerShell and Windows Management instrumentation, to gain illegitimate access to networks and facilitate lateral movement without detection. 90% of the CISOs we talked to had seen PowerShell being used during an attempted attack on their network. This awareness is actually a good thing, because with 97% of Carbon Black customers suffering non-malware attacks in the last year, if our CISOs hadn’t spotted an attack of this kind it would simply have meant that the attacker had succeeded in getting in unseen.

Ransomware remains a tactic of choice for cybercriminals with 90% of financial institutions reporting that they were targeted by a ransomware attack in 2017. The commoditisation of ransomware, which now sees it offered on an “as-a-service” basis, and the lack of expertise needed to carry out attacks means that it has become the lowest common denominator of cybercriminal activity and with financial gain being the primary motivation of most cybercriminals, it’s not surprising that banks are a regular target.

Criminal masterminds are getting smarter

So far, so familiar, but a most interesting and concerning development uncovered by our survey was that a quarter of CISOs had experienced counter-incident responses when defending their networks. Attackers have realised that network defence is often based on simple indicators of compromise that launch an automated or manual incident response playbook. By going off-script after their initial attempt, they can find another way in while security teams think they have thwarted the original threat.  Tactics include mutating code, targeting security analysts and engineers in separate but coordinated attacks, deleting logs from endpoints to obscure their activities and launching DDoS attacks on critical defence systems. As attacks grow in sophistication, cyber security becomes a high stakes game of digital chess, where the attacker only has to be lucky once, but defenders need to get it right every time.

The weakest link – third party providers

It’s not just their own security banks need to consider. The security of third party technology service providers is becoming an increasing concern as attackers seek out the weakest link in the chain. They use suppliers’ privileged credentials with the banks’ networks as a stepping stone to gain access to their real target. 44% of CISOs at financial institutions said they’re concerned about this issue and as more incidents come to light the scale of the problem will be more clearly revealed.

To combat the twenty-first century thief, we need to remember that we’re talking about human assailants here. It’s logical that attacks will grow more sophisticated as attackers learn more about companies’ defences – the potential loot is well worth the effort of innovation. Security teams are locked in a cycle of reactivity which needs to be broken if they are to gain the upper hand. So far, only 37% of financial institutions say that they have established threat hunting teams which means that, far from keeping thieves out of the building, 63% are still having to wait until they hear them knocking on the door of the vault before they can act. With an average of 220 days between intrusion and detection a lot of digital gold can leave the building before anything is done about it!

By actively threat hunting, teams look for signs of abnormal activity on endpoints that could indicate compromise well before any alerts are generated. To quickly detect and respond to threats, suppress intrusion and prevent lateral movement, financial institutions need to collect and analyse endpoint data in near-real-time. By doing this they can build up a ‘sight picture’ of attacker behaviour relating to internal movement and external command and control channels. Once these anomalies have been detected and analysed they can be communicated to existing control mechanisms and action taken to disrupt and contain the attacker’s kill chain.

In the age of the digital heist a proactive threat hunting strategy is far more effective at stemming the network invasion, capable of evolving alongside the TTPs used by assailants and stopping their digital tunnelling towards the vault. It won’t make such a classic heist movie, but it will put a bit of star power in the hands of CISOs and security teams who really are the lead actors in the fight against cybercrime.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
McDonald's: the History and Evolution of a Famous Logo

McDonald's: the History and Evolution of a Famous Logo

McDonald's logo is one of the most recognizable in the world. What does the logo of this brand mean, how did it evolve and what is the secret to the success of McDonald’s fast food network?

Anna Kuznetsova
Anna Kuznetsova 24 October 2019
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

Whether you're a startup or an established business, the company website is an essential element of your digital marketing strategy. The most effective sites are continually nurtured and developed in line with...

Digital Doughnut Contributor
Digital Doughnut Contributor 7 January 2020
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
The 3 Most Important Stages In Your Presentation

The 3 Most Important Stages In Your Presentation

If you want to deliver a presentation on a particular topic and you have to prepare yourself for it you should make sure that you go through several very important stages in order to craft a compelling, persuasive and...

Nicky Nikolaev
Nicky Nikolaev 16 February 2016
Read more
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more