https://www.fintechfutures.com/wp-content/themes/fintech_child/assets/images/logo/fintech-logo.png
  • Home
  • COVID-19
  • News
  • Intelligence
    • Back
    • Analysis
    • Interviews
    • Features
    • White Papers
    • Case Studies
    • Surveys, Reports & Infographics
    • Webinars
    • Podcasts
    • Videos
    • Library
    • Techwire
    • Browse
  • Publications
    • Back
    • Banking Technology Magazine
    • Supplements
    • Daily News at Sibos
    • Subscribe to Magazine
  • Content Hub
    • Back
    • COVID-19: industry impact & response
    • Challenger Banks Guide
    • Food For Thought
    • I’m Just Saying
    • Through a Gen Z Lens
    • Ask The Expert
  • Videos
  • WTF? Podcast
  • Awards
    • Back
    • Banking Technology Awards
    • PayTech Awards
  • Advertise
  • Jobs
  • More
    • Back
    • About us
    • Contact us
    • Advertising / Media Kit
    • Banking Technology Magazine Calendar
    • Reports Calendar
    • FinTech Futures Newsletter
    • Events
  • FinTech
  • BankingTech
  • PayTech
  • RegTech
  • WealthTech
  • LendTech
  • InsurTech
Banking Technology
  • NEWSLETTER
  • Home
  • COVID-19
  • News
  • Intelligence
    • Back
    • Analysis
    • Interviews
    • Features
    • White Papers
    • Case Studies
    • Surveys, Reports & Infographics
    • Webinars
    • Podcasts
    • Videos
    • Library
    • Techwire
    • Browse
  • Publications
    • Back
    • Banking Technology Magazine
    • Supplements
    • Daily News at Sibos
    • Subscribe to Magazine
  • Content Hub
    • Back
    • COVID-19: industry impact & response
    • Challenger Banks Guide
    • Food For Thought
    • I’m Just Saying
    • Through a Gen Z Lens
    • Ask The Expert
  • Videos
  • WTF? Podcast
  • Awards
    • Back
    • Banking Technology Awards
    • PayTech Awards
  • Advertise
  • Jobs
  • More
    • Back
    • About us
    • Contact us
    • Advertising / Media Kit
    • Banking Technology Magazine Calendar
    • Reports Calendar
    • FinTech Futures Newsletter
    • Events
  • newsletter
  • FinTech
  • BankingTech
  • PayTech
  • RegTech
  • WealthTech
  • LendTech
  • InsurTech

bankingtech.com

bankingtech.com


Financial institutions and Cybercrime: It’s only just begun

  • Written by FinTech Futures
  • 28th July 2014
Alex Raistrick Palo Alto Networks

Alex Raistrick is VP Western Europe at Palo Alto Networks

A recent bout of high profile cyber-attacks on financial institutions across the UK, US and Canada has put the spotlight back on the importance of data security and the need to be diligent when it comes to cybersecurity within the banking industry, writes Alex Raistrick.

Over the last few weeks GOZeuS and Cryptolocker malware has enabled cyber criminals to attack banks and steal hundreds of millions of pounds by accessing bank login credentials. This has been just one of many attacks in the on-going battle between banking systems and the Cryptolocker malware family.

The UK National Crime Agency even issued a warning about GoZeuS and Cryptolocker malware and a similar alert was raised in the US by the US-Cert. It may now only be a matter of time before these attacks start targeting banking institutions across Europe.

GameOver Zeus is a bank credential-stealing malware first identified in 2011 that has plagued the banking industry since then. It’s often used by cybercriminals to target Windows based personal computers and web servers as well as carry out command-control attacks.

Like many malware families today, Zeus and Cryptolocker use various Domain Generation Algorithms to reach out to their command and control servers via DNS to establish contact and receive instructions. There are up to 1,000 domains per day that these families target.

As part of the proactive takedown initiated by the FBI in 2014, cybersecurity firms received intelligence that included about 250,000 URLs that P2PZeus and Cryptolocker will reach out to for the next 3 years. Malware attacks are evolving in sophistication which means that financial institutions in the UK and Europe need to re-examine the security protocols they have in place to protect their data and customers against potential attacks.

Financial institutions will always be a prime target for cybercriminals due the large amounts of money that can be acquired upon infiltration. Data breaches against Standard Chartered customer data and phishing websites designed to steal PINs and One-Time-Passwords from POSB customers make the job of banks protecting themselves harder, but there is a lot that can be done for financial organisations to prepare for such attacks.

One way is for businesses to be proactive when it comes to the growing dilemma between controlling IT costs versus the imperative to tighten security. This is especially important around technology initiatives such as mobile computing. Many financial organisations are in the process of retiring their Blackberry devices that were provided years ago to employees with the goal to improve work flexibility and productivity. Old devices are now replaced by a full BYOD model with employees allowed to use their chosen devices to connect to their enterprise network. Therefore, it’s important that IT departments deploy solutions that will force all traffic coming from mobile devices to go through security checks.

Another key step is for organisations to make sure they use IPS signatures to prevent vulnerabilities from being exploited by client-side attacks that could drop Zeus or Cryptolocker. Companies can consider inline blocking with a strict IPS policy as well as using a drive-by download that would drop the malware on the system and prevent vulnerability.

Businesses can easily help protect their networks by controlling the software update process. Malware authors prey on social engineering tactics to convince employees to install fake Reader, Flash and Java updates – but these can be part of the infection vector. It’s important that companies recommend that employees do not install Adobe Reader, Flash and Java updates from unofficial sources if these pop-up. Businesses can play it safe by having all their update installs controlled by the IT group or to explicitly direct users to visit the official software vendor website for updates.

Focusing on better network segmentation is also a key way to reduce the risk of being compromised. Many threats come from the inside of an organisation, which makes any security strategy based primarily on perimeter protection almost void. Network segmentation helps to block attacks trying to spread from one area of the network to another. Next-generation firewall will also directly contribute to a stronger overall security platform, starting with the endpoint and detecting attacks there as well as detecting when threats are attempting lateral moves within networks.

Sharing threat information is also a great way for enterprises to learn additional way to protect themselves. Many cybercriminals operate within communities so it’s important that enterprises share threat intelligence more systematically and create a stronger sense of community against cyber criminals.

While the threat landscape across the European region and the world continues to evolve and change, financial institutions must remember they have a responsibility to protect their customers, making it imperative for organisations and their employees to understand the vulnerabilities that exist in the network. It’s vital that enterprises, governments and standard organisations collaborate and leverage expertise in order to adapt and overcome the evolving sophisticated security threats that the finance sector continually faces.

Tags: Financial Crime & Fraud malware, Palo Alto Networks Analysis, Industry Comment

Leave a comment Cancel reply

-or-

Log in with your FinTech Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related


  • Digitisation answers the quest for risk mitigation in global trade
    These concerns have been heightened by a series of fraud allegations relating to commodity transactions.
  • Lock up your innovation department
    Perfect the art of incremental business improvements in the cheapest and most efficient ways, before the competition.
  • Six trends that will change the crypto world in 2021
    Which coins will rise in price and which ones will fall?
  • Israeli remittance fintech Rewire targets one million customers by end of 2021
    Rewire currently boasts more than 200,000 European accounts.
  • Invincible TikTok: why video services are exciting and daunting at the same time
    The ethical side of using AI video is becoming an increasingly acute problem today.
  • Embedded insurance: a $3tn market opportunity, that could also help close the protection gap
    All players should look carefully at this space and define strategies of "where to play" and "how to win".
  • The What the Fintech? podcast
    What the Fintech? Season one | Fintech Jail
    Here's a list of all the buzzwords in our What the Fintech podcast game, "Fintech Jail".
  • 2020 in review: Top core banking stories
    We run down the most interesting core banking stories from this year.

Related Content

  • 2020 review: 10 largest bank job cuts this year
  • Banks and bad actors: the race to digitally adapt
  • 2020 review: Top 10 fintech and bank M&A deals
  • Modernising through legacy tech: powering the next wave of fintech innovation

Magazine

Banking Technology December/January issue out now

16th December 2020

Banking Technology November issue out now

  • 1
13th November 2020
view all

Reports & Surveys

Omdia Universe 2020-21: Temenos recognised as a leader for digital banking platforms

15th December 2020

Report: Digital KYB – a springboard to customer onboarding success

30th November 2020

Report: Three key strategies for customer experience success

15th November 2020
view all

Content Hubs

COVID-19: industry impact & response

26th June 2020

The rise of challenger banks around the world

26th June 2020

CRUX RegTech Digital Day – 28 July 2020

26th June 2020
view all

Podcast

What the Fintech? Episode 18 | Year in review

18th December 2020

What the Fintech? Episode 17 | The spirit is willing, but the markets are weak

1st December 2020

What the Fintech? Episode 16 | Financial inclusion 2020

16th November 2020
view all

Videos

Video: Top fintech stories this week – 15 January 2021

15th January 2021

Video: Top fintech stories this week – 08 January 2021

8th January 2021

Video: Top fintech stories this week – 11 December 2020

13th December 2020
view all

White Papers

Embedded insurance: a $3tn market opportunity, that could also help close the protection gap

4th January 2021

White paper: The business value of ServiceNow for retail banks

12th December 2020

E-book: Migration to cloud – your guide to delivering an intuitive customer experience

8th December 2020
view all

Techwire

Defiance Cross-Lists the First Ever 5G ETF (FIVG) and SPAC ETF (SPAK) in Mexico

15th January 2021

Socure to Power Responsible Growth for Online Gaming Operators in Eleven U.S. States with Intelligent KYC

15th January 2021

SWBC Selects Finicity Pay™ for Account Validation

15th January 2021

Latinia invests in fintech company Ábaco to boost financial inclusion in the region

15th January 2021

TPG Growth and The Rise Fund Make Major Investment in Greenhouse Software

14th January 2021

BlackRock Boosts Aladdin’s Forward-Looking Sustainability Analytics and Reporting Capabilities Through Strategic Partnership with Clarity AI

14th January 2021

SIMON Invests in Key Strategic Growth, Welcomes Scott Stolz as Head of Insurance Solutions

14th January 2021

Strivve Accelerates Growth and Business Momentum in 2020

14th January 2021
view all

Twitter

FinTech_Futures

Understanding the three key trends in SME banking for 2021 "The pandemic has accelerated digital transformation in… twitter.com/i/web/status/1…

18th January 2021
FinTech_Futures

US banks must embrace touchless banking in 2021 to stay relevant Sponsored insights fintechfutures.com/2021/01/us-ban…

18th January 2021
FinTech_Futures

.@GoldmanSachs mulls acquisitions to bulk up @marcus_uk as reports anticipate the bank to announce slow consumer le… twitter.com/i/web/status/1…

18th January 2021
FinTech_Futures

.@Temenos shakes up executive team with changes at the top fintechfutures.com/2021/01/temeno…

18th January 2021
FinTech_Futures

.@Tandem_Bank quotes same “material uncertainty” as @Monzo in 2019 financials as losses increase 38% fintechfutures.com/2021/01/tandem…

18th January 2021
FinTech_Futures

.@CMEGroup and @IHSMarkit create post trade joint venture fintechfutures.com/2021/01/cme-gr…

18th January 2021
FinTech_Futures

Vietnamese 'super app' hopeful MoMo lands $100m Series D fintechfutures.com/2021/01/vietna…

18th January 2021
FinTech_Futures

.@mX ties up $300m in Series C funding led by @tpg Capital fintechfutures.com/2021/01/mx-tie…

18th January 2021

Report: Digital Know Your Business (KYB)

Free download

Report: Three key strategies for CX success

Free download

Omdia Universe: selecting a digital banking platform

Free download

FinTech Futures Jobs

Find a job or post a vacancy

Fintech Futures
  • About us
  • Advertise with us
  • Contact us
  • Fintech jobs
  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X