Bank robbery—it’s one of the oldest crimes in the book. This get-rich-quick scheme, while not always successful, often leaves criminals untouched. Though the goals of bank robbers have remained the same over the years, their methods have evolved.
Today’s bank robbers are hiding behind the screen, using targeted and sophisticated cybercrime tactics and leaving IT teams struggling to keep their networks and their vaults secure.
Evolution of the bank attack
In 2015, the banking industry discovered a startling new type of threat: A massive cybercriminal ring was targeting banks using Carbanak malware. The machines infected with this malware had flown under the radar for two years, attacking the banks’ internal money-processing services and automated teller machines (ATMs). By the time they were uncovered by Kaspersky Labs, the attacks had already infiltrated over 100 banks in 30 countries, with thieves making off with as much as $1 billion.
What’s old is new again
New variants of the malware surfaced last fall, delivered through phishing attacks, and new criminal groups emerged as recently as this past February, employing similar tactics of spearphishing to embed customized malware and gain control over ATMs. Unfortunately, phishing attacks are still extremely prominent, and for good reason: They’re immensely successful.
Attackers take extreme care in developing convincing emails that appear to be legitimate banking communications to trick bank employees—or third parties with access to bank systems—into handing over their user credentials. Once inside, attackers exploit known vulnerabilities in commonly used applications that remain unpatched by large banks due to their cumbersome infrastructure.
One phishing campaign drove attackers to steal over $100 million from the Bangladesh central bank account at the Federal Reserve Bank of New York. Attackers spied on the Bangladesh Bank for weeks before the attack, quietly infiltrating dozens of computers with phishing attacks to steal credentials for payment transfers. Unlike the old days, when attackers meticulously and physically cased a bank to determine the best plan of attack, modern-day bank breaches actively entice victims through these deceptive practices.
How to stop hackers in their tracks
IT teams at banks have increased protection of customer data and limited credit card fraud, but the security of most banks' internal systems still need securing. Here are some ideas on how bank IT teams can improve their network security to better secure the vault:
Respond as if the network has already been breached. Adopting this mindset forces the IT team to prioritize the most business-critical parts of the network and use network segmentation as a strategy. When done correctly, network segmentation, achieved through the creation of network zones, limits the ability for a hacker to move laterally across a compromised network. Network segmentation requires continual updates and configurations, but it can mean the difference between a hacker getting only as far as an employee’s infected computer and helping themselves to the bank’s ATM systems.
Implement an enterprise-wide security policy. A well-defined security policy serves as a crucial road map for any bank IT team to maintain a truly adaptive security architecture. It’s what helps the people tasked with protecting the bank’s systems determine the best way for the network to operate with minimal risk. Additionally, the security policy should take into consideration all regulatory and enterprise compliance requirements and how to apply timely patches to maintain compliance.
Security policy enforcement. It’s one thing to have a security policy that defines how the IT platform behaves and another to actually validate that it is being enforced across your network. Doing the former but not the latter might allow you to comply with some regulations, but it won’t make your network safer. Organizations must constantly monitor their network for changes to configurations and ensure that these changes are approved and compliant with policy. It’s a collaborative effort across the enterprise—network operations, security operations, and the CIO.
Bank robbers aren’t committing physical acts the way they used to. This new generation of cybercriminals has an intimate knowledge of banking systems’ inner workings and are using vulnerabilities to their advantage.
While managing network security can be a complex, resource-intensive task, it’s crucial for senior management to have an accurate picture of the organization’s security posture at all times and the ability to act quickly to close any gaps.
Carbanak proved last year that stealing directly from a bank’s systems yields big payouts for cybercriminals, and the malware is showing no signs of slowing down, as new variants continue to emerge over a year later.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.