The Cyberthreat Trends the Financial Sector Needs to Follow

By Scott Cutler, Director, Sales - UK&I MAM at Fortinet

For cybercriminals, a successful cyberattack has the potential to bring significant financial gain. Capitalising on the theft of information, whether credit card or banking data or the selling of personally identifiable information (PII) on the dark web, ultimately involves exploiting a person or organisation associated with the Financial Services sector.

As digital devices and infrastructures – such as connected homes, cars, and mobile devices – continue to be woven deeper into every aspect of our lives and as they expand their role in business, the attack surface grows.  In fact, our recent Threat Landscape Report shows that over 25 per cent of organisations experienced a mobile malware attack in Q3 of 2018, with the vast majority of those attacks targeting or originating from devices running the Android operating system. In fact, of all the threats organisations faced over this period of time, 14 per cent were Android related. By comparison, only .000311% of threats were targeted to Apple iOS.

The security implications of being mobile

Exploits targeting banking apps on mobile devices are a significant part of this growing threat. Their compromise allows attackers to steal data stored on a device, which they can then use to collect personal banking information by using phishing apps, intercepting data moving between a user and his or her online bank, and monitoring financial transactions when purchasing goods or services online. For example, the Android. banker. A2f8a malware targeted more than 200 banking apps to steal login credentials, hijack SMSs, and upload contact lists and other data onto a malicious server. It also displayed an overlay screen on top of legitimate apps to capture additional information.

Worryingly, these apps aren’t necessarily being downloaded from risky sites. Between August and October of 2018, 29 banking Trojans masquerading as legitimate apps were removed from the Google Play store, having been installed by 30,000 users.

Additional threat trends to keep on the FS radar

In addition to mobile threats, crypto jacking has become a gateway for other attacks.

In many industries, including financial services, crypto jacking has jumped ahead of ransomware as the malware of choice. The number of unique crypto jacking signatures nearly doubled in 2018, and the number of platforms compromised by crypto jacking jumped 38%. Perpetrators include advanced attackers using customised malware, as well as “as-a-service” options available on the dark web for novice criminals.

Encrypted data is also at risk, a key concern as it now represents 72 per cent of all network traffic, up from 55 per cent in 2017. The performance limitations of most legacy security solutions continues to affect organisations’ ability to inspect encrypted data at network speeds. As a result, rather than attempting to slow down time-sensitive financial transactions, a growing percentage of this traffic is simply not being adequately analysed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.

Last, but not least, botnets are getting smarter. The number of days that a botnet infection was able to persist inside an organisation increased 34% over the last few months of 2018, rising from 7.6 to 10.2 days. This indicates that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organisations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, protecting IoT and other devices that can’t be directly hardened, and thoroughly scrubbing a network after an attack has been detected.

Cybersecurity must do’s

Digital transformation efforts have spread IT security resources thin, but there are some basic measures any organisation should take in order to address these attack vectors:

• Tie your digital transformation into a security transformation. This entails shifting from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, threat-intelligence is centrally collected and correlated, and threat detection and response is automated and uniform.
• Integrate and automate. As the speed of threats rapidly increases, the time windows for prevention, detection, and remediation continue to shrink. Rapid response times are crucial, which makes the implementation of truly expansive and integrated security automation essential, from data collection to coordinated responses to threats. To do this, organisations need to implement an integrated security platform where each element is designed to communicate with all the others in real time.
• Keep track of all mobile and IoT devices. Effectively combatting threats like crypto jacking involves maintaining a comprehensive inventory of devices and then baselining their behaviour. With this information in hand, organisations are able to monitor for unusual behaviours that may reflect crypto jacking and other malicious activity.
• Keep your customers safe. One recent analysis found that nearly a third of businesses use a mobile device to access a corporate bank account or facilitate a corporate transaction. To protect these customers, organisations can start by educating them about the use of legitimate banking applications. This includes constantly reminding them of what sorts of information FS organisations will – and won’t – ask for, such as online “password validation” or “account validation” techniques used by phishers and scammers. In addition, organisations should regularly scan the internet for fraudulent applications, warn consumers when they are found, and apply pressure on application stores to remove them from their inventories.

Cybersecurity challenges continue to grow, and financial institutions– especially those in the midst of digital transformation efforts – are the focus of attention for cybercriminals. To successfully address today’s challenges, financial services organisations need to rethink their strategy, from automating their security hygiene measures to replacing isolated security devices with an integrated security fabric architecture that can seamlessly span the growing attack surface.