
Which cyber attacks most threaten financial institutions?

Acorn Newsbot

The finance sector is perhaps the most obvious target for cyber attacks.

Moving vast amounts of money around, banks and other financial institutions attract criminals after material gain. But because of their inherent power, financial institutions also attract political activists (hacktivists) and nation-state-backed hackers intent on destabilising economies, countries and trading blocs.

Cyber threats vary in their manner and impact, and a concerted campaign will blend different attack types at different stages. Attacks on financial organisations seek one or more of the following:

  1. User accounts for email and other systems
  2. Access to confidential transactional data
  3. Copying and extracting of customer account data
  4. Control over transactional systems, either to steal or disrupt

A campaign might start with spear-phishing to gain access to a particular person’s PC. This is then used to send clone emails to others in the organisation, eventually getting high-level access to systems. Then data is stolen via exfiltration or systems are deliberately crashed, depending on the overall goals of the hackers.

What are all these different attacks and how do they damage financial organisations?

Types of cyber threat

Phishing and its various off-shoots


Phishing is the number one way for cyber criminals to get a foothold in your network.

Some emails use a scatter-gun approach, sending the same generic email to a large number of email addresses. They’ll superficially resemble emails from delivery companies, online shopping platforms, banks or other widely-known organisations. They are usually deployed by criminals rather than hacktivists.

Spear phishing is targeted and more sophisticated, using company logos and graphics in emails that target a particular organisation, sometimes an individual, like a technical supervisor with privileged system access.

Whaling is a subset of spear phishing where the targets are high level. They’ll include directors and C-suite members, particularly the non-technical ones who may not be as cautious as a CISO or CIO.

Clone phishing is a variant where a copy of a previously seen message is created and sent from an email address as close as possible to a company address. Often this is a second stage – the email will be sent from an already compromised but low-level system, to try and gain access to higher level systems.

Malware


Often the intent of a phishing email is to draw people into downloading and installing malware. This generic term covers a multitude of malicious programs but the ones most likely to be used against financial institutions are:

Trojans – masquerade as legitimate programs but once installed can be used to run a variety of other malicious programs, mostly aimed at finding confidential information

Spyware – looks for potentially useful information and sends it back to the hackers

Keyboard logger – type of spyware that records keystrokes to collect usernames and passwords

Other types of malware, including ransomware and cryptocurrency mining software, are usually launched indiscriminately. Financial organisations are as likely to be hit by them as any other organisation (and should protect against them) but rarely as part of a targeted campaign.

Data exfiltration


This term refers to a technique for taking data out of the organisation once unauthorised access is achieved. The internet and internal networks rely on the Domain Name System (DNS), which translates between domain names and IP addresses so that packets of data are directed to the correct servers.

With the right malware in place, criminals can hide stolen data within DNS data packets. As they are so crucial to basic network operations, these packets need to pass through defensive firewalls. Theft is therefore hard to spot and prevent.

The intent with exfiltration by criminals is two-fold. Access to account details allows money to be fraudulently moved or stolen, but there is also money to be made selling personal details on the ‘dark web’, the areas where policing is light and criminals trade malware toolkits, stolen data and much more. This means that it’s not just institutions holding funds that need to be concerned with cyber threats – all financial organisations are at risk.

Distributed Denial of Service (DDoS) attacks


DDoS attacks are very different and serve to prevent companies operating.

As DNS is crucial to effective network operation, criminals have developed ways to cripple networks by overloading servers with thousands of spurious requests. The DNS servers do their best to respond to them but eventually slow to a crawl or crash, rendering the network unusable. This prevents the business from doing almost all work that relies on connection to a computer.

Often a DDoS attack is launched by a botnet, a group of many compromised PCs (sometimes thousands) in the control of a hacker. This makes it harder to shut down – if it were only a few computers, those addresses could be blocked and the attack halted.

DDoS attacks are often used by hacktivists to disrupt and damage financial institutions, as seems likely with the attack on the Netherlands’ financial institutions in February. But while under a DDoS attack, it’s imperative to start looking for other active cyber threats. If it is a criminal campaign posing as a hacktivist attack, it could be a smoke screen to hide other simultaneous tactics – perhaps exfiltration or an attempt to crack financial computer systems.

Find out more


Our white paper on security for financial institutions covers the ground in more detail, including how Nominet’s tools and services use the DNS as a protective shield to help organisations cope with digital transformation and regulatory compliance.

To download a copy of the white paper simply enter a few details here.

The post Which cyber attacks most threaten financial institutions? appeared first on Nominet.
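
For the DNS-based exfiltration described under "Data exfiltration" above, this is a defender-side check over DNS query logs. It is an added example, not part of the original post or Nominet's tooling. The log format (client IP and queried name), the thresholds, the two-label parent-domain rule and all sample names are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample log: (client IP, queried name). Not real traffic.
BENIGN = [("10.0.0.5", f"{h}.bank.example")
          for h in ("www", "mail", "api", "login", "cdn", "static")]
# Tunnel-like queries: long, unique, hex-encoded labels under one parent domain.
TUNNEL = [("10.0.0.23",
           hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:40] + ".t.example.net")
          for i in range(6)]
SAMPLE_QUERIES = BENIGN + TUNNEL


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname, parent_labels=2):
    """Split a name into (subdomain text, parent domain).

    Assumption: the parent is the last two labels; production code should
    consult the Public Suffix List instead.
    """
    parts = qname.rstrip(".").lower().split(".")
    return "".join(parts[:-parent_labels]), ".".join(parts[-parent_labels:])


def suspicious_parents(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag (client, parent domain) pairs whose subdomains look like encoded data.

    All three signals must hold: many distinct subdomains, long subdomains,
    and high character entropy across them.
    """
    seen = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub)
    flagged = []
    for key, subs in seen.items():
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        if avg_len >= min_avg_len and shannon_entropy("".join(subs)) >= min_entropy:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    print(suspicious_parents(SAMPLE_QUERIES))
```

The benign host has as many distinct subdomains as the tunnelling host, which is why the check combines count, length and entropy rather than relying on query volume alone.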
