In previous Security and Compliance blog articles, we've discussed advanced threats, including Advanced Persistent Threats (APT), and how they're affecting industries such as healthcare and retail. In today's post, we'll take a look at how they are impacting the banking and financial services industry.
Despite a tidal wave of new and updated regulations, along with continuing investments in network and data protection, financial organizations - and their customers - remain favorite targets for cyber criminals. Attacks are becoming more frequent and sophisticated than ever, with new variations of malware emerging on a regular basis, and self-service kits available for sale online for as little as $300.
One example of the ongoing evolution of threats can be seen in the latest research on SpyEye and ZeuS, two common and dangerous types of malware targeting banks. As detailed in a recent Reuters report, security researchers have discovered that new versions of these threats enable criminals to transfer money in and out of accounts automatically, without requiring anyone to supervise the process. While automation won't necessarily lessen the need for accomplices and money mules, as Dell SecureWorks analyst Brett Stone-Gross points out, it could enable thieves to extract more money from compromised accounts.
Another example is the Jericho Botnet, a variant of another well-known banking Trojan. According to Palo Alto Networks, researchers recently detected more than 42 unique but related samples designed to steal account passwords and login credentials. And since Jericho malware uses a combination of methods to stealthily inject itself into common applications such as Firefox, Chrome, Java, Outlook and Skype, most antivirus programs can't currently detect it.
Although retail banks and credit unions tend to make the headlines when breaches occur, as in the 2011 Citigroup breach, other financial organizations are increasingly feeling the impact of advanced threats, too. Thieves are still going after bank and card account details, but, as in other industries, they are also looking for intellectual property and corporate strategy information. Proprietary algorithms and other sensitive data from high-frequency trading (HFT) firms and brokerages, for example, are now prime targets for criminals who may attempt to use social engineering, spear phishing and a wide range of other tactics to penetrate defenses.
Besides classifying data based on risk and sensitivity, security experts agree that one of the key imperatives for financial organizations - whether they're a regional credit union, a global bank or a hedge fund - is getting better visibility into what's going on inside and outside their network. In addition to threat intelligence, financial institutions can employ real-time, 24x7 monitoring of firewalls, web application firewalls, log files, security devices, and network infrastructure to help protect them against evolving attacks.
What about you? If you're in the banking industry, what threats have you seen recently? Do you employ around-the-clock monitoring and advanced analysis? If so, what are you doing with that information? Knowing the answers to questions like these can be an important step in protecting your business and customers.