The financial sector has long been heavily targeted by cybercriminals. Over the years, the number of Cyberthreats and attacks that involved extortion, social engineering, and credential-stealing malware has surged rapidly. This means that financial institutions should strive to familiarise themselves with the threats and the agents behind them. Here are seven new threats and tactics, techniques, and procedures that security professionals should know about.
Distributed denial of service (DDoS) attacks, which are typically delivered from massive botnets of zombie computers or internet of things (IoT) devices, have been used to bring down banking networks. This occurs when a targeted server or system is overwhelmed by multiple compromised networks. It’s essentially like a traffic jam clogging up the highway, preventing regular traffic from arriving at its intended destination.
Some cybercriminals are relentless with DDoS attacks and follow them up with cyberextortion, demanding payment in return for release from costly downtime. Banks cannot defend against these attacks alone, so they rapidly share information among themselves through organisations such as FS-ISAC4 and rely upon the ability of their internet service provider to handle and redirect massive quantities of traffic.
Social media attacks
Cybercriminals and Spear phishing
Spear phishing is an attack where cybercriminals send out targeted emails ostensibly from a known or trusted sender in order to trick the recipient into giving out confidential information. Over the years, hackers have upped their game and cast a bigger net, targeting unwitting employees to wire money. This attack is called business email compromise (BEC), where a fraudster will purport to be a CEO or CFO and request for large money transfers to bogus accounts.
Point-of-sale (PoS) malware
PoS malware targets PoS terminals to steal customer payment (especially credit card) data from retail checkout systems. Cybercriminals use a memory scraper that operates by instantly detecting unencrypted type 2 credit card data, which is then sent to the attacker’s computer to be sold on underground sites.
GreenDispenser is an ATM-specific malware that infects ATMs and allows criminals to extract large sums of money while avoiding detection. Recently, reverse ATM attacks have also emerged. Here, PoS terminals are compromised and money mules reverse transactions after money is withdrawn or sent to another bank account. In October 2015, issuers were mandated to shift to EMV or Chip-and-PIN system to address the weakness of the previous payment system.
Credential theft malware
Dridex, a well-known credential-stealing software, is a banking Trojan that is generally distributed through phishing emails. It infects computers, steal credentials, and obtain money from victims’ bank accounts.
Other sophisticated threats
Various data breach methods can be combined to extract data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organised crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATMs of cash.
Additionally, with the rise of cryptocurrency, cybercriminals are utilising cryptojacking, a method that involves the secret use of devices to mine cryptocurrency.
The creation of defensive measures requires extensive knowledge of the lurking threats, and our team of experts is up to date on the latest security information. If you have any questions, feel free to contact Multi IT today or give us a call on 011 435 0400 to find out more about TTPs and other weapons in the hacker’s toolbox.