The FBI says it is investigating reports in the US media of recent cyber-attacks against several US banks. The reports suggest between two and five banks, including Wall Street giant JP Morgan Chase, have been targeted by financial Trojans. It would appear that Goldman Sachs, Morgan Stanley, Bank of America, Wells Fargo and Citigroup were not affected by this latest cyber-attack if insider reports prove to be correct; however, all of these institutions have been targeted in the past and have had data stolen and services disrupted.
The FBI gave no indication of who was responsible for this latest attack, but indicated that it was working closely with U.S. Secret Services to determine the scope of the attacks. Bloomberg News, on the other hand, claimed that because of the cyber-attack’s sophistication and America’s increasing involvement in the growing crises in Eastern Europe and the Middle East, the investigation was looking at the possible involvement of Russia.
JP Morgan declined to comment on the reports directly, but played down the attack stating that institutions of its size were subjected to similar cyber-attacks practically every day. But were these cyber-attacks ‘similar’ as JP Morgan has claimed? Well, not according to security experts like Symantec. The latest financial Trojan cyber-attack which used a virus disguised as a legitimate piece of software specifically targeted data, rather than the disruption of services more characteristic of the retaliatory attacks usually perpetrated by state actors. Such attacks are not normal or ‘similar’ to the sort of threats the banks have been used to combatting, but they are undoubtedly starting to be used more frequently by sophisticated hackers.
In a report published at the end of 2013, Symantec found Trojans had been used to target more than 1,400 financial institutions in 2013, with the top US banks being the main target. Whilst Symantec was easily able to identify incidences of cyber-attack, the same, however, could not be said about the motivations that lay behind these attacks. According to Orla Cox, a security operations manager at Symantec, banks now face multiple threats depending on the motivation of the hacker:
“The attacker is interested in financial consumer data but also a lot of times information on M&A and other stuff along those lines can be potentially interesting for reasons of corporate espionage, gaining competitive advantages,” she said.
The cyber security industry has known for some time that underground markets have sprung up in cyber-crime community which specialise in the buying and selling of information stolen from company computer networks. At one time any stolen information had to be immediately tradable to be of value. What has changed is that hackers are now quite happy to harvest as much information as possible and are prepared to sit on that information until such time as it has a real value. That’s the major concern, and that’s what’s troubling the security industry.
U.S. regulators warned earlier this year that denial of service attacks which disable ATMs and bank websites were rising dramatically. From these attacks criminals were able to extract funds from accounts far in excess of cash balances or ATM control limits. According to Michael Coates, director of product security at cyber-security firm, Shape Security, although banks are doing all within their powers to limit the damage that hackers can wreak, they are failing as the hackers are always staying two steps ahead of them. The reasons for this failure he put down to the complexity of current banking computing systems which afforded more opportunities for hackers to target various parts of the network and transaction systems. Speaking to the Financial Times, Mr Coates said:
“The potential for losses is humungous once criminals are inside the financial trading system of a bank. There are really no limitations of what you could do if you’re bypassing standard controls,” he said.
Banks may well have got used to cyber-threat and dealing with attacks on a regular basis, but times have changed and the threat has evolved at a much greater pace than the banks’ abilities to counter the threat. According to James Christiansen, vice-president for information risk at Accuvant, the banks can never win the war against cyber-criminals using old tactics and dated technologies. They need to move with the times and become every bit as sophisticated as their attackers. He told the FT:
“What has changed is the method of attacks – now slow and quiet, it is more difficult to detect and therefore allows the attacker time to determine the ultimate harm or value,” he said. “Organisations today have to continue to protect the important information but also need to assume they have been breached and use new techniques to find the breach.”
If you are concerned about the escalating security challenges and risk management issues facing your business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping your business assess its security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.
Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].