There’s much to learn when it comes to financial sector cybersecurity. People are often surprised to learn that the primary mission of the Secret Service is financial crime investigation. The Secret Service was set up right after the Civil War, within the Treasury Department, to investigate counterfeit currency. So, anytime you read about North Korean money laundering, ransomware attacks, or a bank hit by a Russian cybercrime cartel, the people investigating those crimes are Secret Service special agents, not the FBI.
Fun facts aside, financial sector security is a very difficult art form. While financial institutions arguably have some of the best security in the world, they are also being targeted by nation-states and the most advanced cybercrime cartels across the globe. I recently joined NetSPI managing director Nabil Hannan on the Agent of Influence podcast to explore the current state of the financial services threat landscape and share advice on how to protect against today’s adversaries.
Now in its fourth year, my research paper, Modern Bank Heists 4.0, takes the pulse of the evolving cybersecurity threats facing financial institutions in 2021. From my interviews with 126 financial sector CISOs, there were a number of findings that are quite problematic. In this year’s survey, we saw:
- A 57 percent increase in wire transfer fraud. A majority realized that the most advanced adversaries weren’t targeting the wire transfer systems themselves; they were targeting nonpublic market information or the market strategies of the financial institution.
- A 118 percent increase in destructive attacks. Adversaries dropped ransomware in systems but did not ask for a ransom; instead they dropped wipers in systems to cripple those devices, manually deleted logs, and manipulated timestamps to disrupt the operations of the institution.
- 38 percent of those surveyed experienced an increase in island hopping, outside of the SolarWinds incident.
Financial industry cybersecurity professionals have their work cut out for them. To help prioritize security efforts, in this blog, I’ll share opportunities to prevent cybercrime in today’s environment and improve your security posture.
First, from the consumer perspective, here are five tips to avoid becoming a victim of financial fraud:
- Anytime someone requests information of any sensitivity from you, double check the message headers, the Reply-To, and the Return-Path. If they do not match, you’re dealing with an impostor.
- Update your critical applications and your operating systems every Tuesday night. That’s when Silicon Valley pushes out its critical updates.
- Regardless of the type of device you have, including iOS and Apple devices, you need next generation antivirus or an endpoint protection platform (EPP) to secure it.
- Always use two-factor or multi-factor authentication.
- If you’ve been compromised or if you see a persistent presence on your device, understand that all of your passwords have been compromised and need to be changed.
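One way to automate the first of these tips, as an added example that is not from the original post: it parses a message with Python’s standard email module and reports any Reply-To or Return-Path whose domain differs from the From domain. The sample messages and the acmebank domains are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr


def header_domain(msg, header):
    """Lower-cased domain of an address header, or None if absent/malformed."""
    _name, addr = parseaddr(msg.get(header, ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def sender_mismatches(raw_message):
    """List (header, domain) pairs whose domain differs from the From domain.

    Empty means From, Reply-To and Return-Path agree (absent headers are
    skipped). Non-empty is the signal the post describes: replies or bounces
    would go somewhere other than the apparent sender.
    """
    msg = message_from_string(raw_message)
    from_domain = header_domain(msg, "From")
    findings = []
    for header in ("Reply-To", "Return-Path"):
        domain = header_domain(msg, header)
        if domain is not None and domain != from_domain:
            findings.append((header, domain))
    return findings


# Constructed sample: the visible sender claims to be a bank, but replies
# go to a look-alike domain and bounces to a third one (placeholder domains).
SUSPICIOUS = """From: "Acme Bank Support" <support@acmebank.example>
Reply-To: support@acmebank-secure.example
Return-Path: <bounce@mailer-xyz.example>
Subject: Action required: confirm your wire transfer

Please reply with your account details.
"""

# Constructed sample where all three headers agree.
CONSISTENT = """From: alerts@acmebank.example
Reply-To: Acme Alerts <alerts@acmebank.example>
Return-Path: <alerts@acmebank.example>
Subject: Monthly statement available
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("consistent", CONSISTENT)):
        print(label, sender_mismatches(raw))
```

Some legitimate bulk mailers and mailing lists set a Return-Path on a different domain, so in an automated filter a hit is a reason to scrutinize the message rather than proof on its own.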
To protect against island hopping or supply chain attacks (e.g., SolarWinds), reinforce your defensive security posture.
The SolarWinds breach was a wakeup call. It was a nation-state campaign that required hundreds of cybercriminals to create the myriad of malicious code used to attack SolarWinds’ constituency. They compromised the trust placed in the signed certificate associated with the SolarWinds software update to get their initial foothold, then moved laterally in a very elegant fashion: manipulating timestamps, using steganography, deploying secondary command and control on a sleep cycle, and more.
With this concept of island hopping, you need to have a conversation with your board and C-suite to reach an understanding that it’s not about whether your crown jewels will be compromised; it’s a question of whether your infrastructure will be commandeered to attack your constituency. That’s what we’re trying to prevent.
To build an effective defensive posture and countermeasures against supply chain attacks, there are a few tactics to deploy. First, conduct regular, weekly cyber threat hunts in your environment to identify behavioral anomalies before they manifest. Second, conduct a penetration test from the inside out to understand the attack path an adversary would leverage through your infrastructure to attack your constituency or your partners. Third, pursue the promise of rugged coding and test all production code for exploitation (OWASP testing is fundamental). You should never release code unless you’ve tested it for exploitation prior to going live.
Lastly, in today’s world we are dealing with four nation states that are actively pursuing and targeting corporations, including software vendors. Information sharing with government agencies is fundamental because it is a bi-directional flow. The work that CISA, the Secret Service, and the FBI do to engage with you and give you a heads-up on cybercrime trends is imperative when you’re dealing with a supply chain challenge in which nation states are working to colonize the environment.
As the attack surface expands amid the pandemic, it is essential to achieve a secure hybrid cloud.
During the pandemic, many financial institutions were required to adopt some sort of cloud computing to support remote work. This increased the attack surface – and adversaries took advantage of that.
When you think of public cloud, think of it like this: You recently moved into a condominium complex. Not all HOAs [public cloud providers] are equal in terms of how they secure that building, how they work with the police in that neighborhood, or how they control access to your floor or unit. People [organizations] must be responsible for the security of their own apartment [data, network], and should be conscious of what their neighbors [third-party partners] are doing. If they’re acting maliciously, they’re putting you in danger.
Yes, the public cloud can enhance your security posture, especially for small businesses. But for medium-sized or large corporations, the best path to pursue is a hybrid cloud. It gives you greater capability to secure yourself against various attacks. However, many do not leverage workload security in hybrid environments. To get started, here are three considerations for securing the hybrid cloud:
- Those who follow the cloud security models espoused by NIST or the NSA have been the most successful.
- Those who have truly mobilized and enabled workload security and protection had a better chance of stopping many of today’s attacks.
- Do not over-rely on Kubernetes to manage and protect containers and container instances. Embrace new forms of container security as hackers push the envelope on what can be done with container stuffing, container attacks, and the misuse of Kubernetes to leverage payloads.