Banking Technology June 2019 issue out now
Beyond human. Dreaming of a fintech tomorrow.
The latest edition of our flagship magazine – Banking Technology – is out now, packed with news, analysis and insights, case studies, research and expert commentary.
A note from our editor-in-chief, Tanya Andreasyan:
This month's cautionary tales come from Eric Michaud, CEO and founder of security firm Rift Recon, who shared fascinating facts at the recent Verint Engage user conference.
For instance, since 2014, an international cybercriminal group has been targeting banks around the world and has made off with well over $300 million – by compromising the banks’ systems with malware and using the information they have mined. The gang – called Carbanak by the researchers – targets financial institutions in Russia, Japan, US and Europe. They start their attacks with spear-phishing emails to bank employees, who are instructed to open an attachment which contains malware, which the hackers use to infiltrate the bank’s networks and do extensive reconnaissance about the inner workings of the bank.
Armed with that knowledge, they masquerade as employees, and steal money in ways that they hope will not raise an alarm. For example, by impersonating the employees the criminals would inflate an account’s balance, then transfer the extra money to an outside account. The legitimate owner of the account and the bank would usually not notice immediately what happened, because the legitimate funds were still there.
Another effective way to extract money, according to Michaud, is to instruct ATMs to dispense cash to an associate of the gang at a predetermined time. Apparently, one Kaspersky client lost $7.3 million through ATM withdrawals alone.
However, no bank has come forward and publicly acknowledged a breach.
“The average time to detection – you can quote me on this – is about 200 days. So, by the time the bank had discovered the breach, the cybercriminals had already got in and got their spoils out,” he said. “And they’re still there. Yes, 200 days later, you might not believe it but it’s true.”
And one more anecdote: a cryptocurrency exchange had its currency holdings wiped out in an hour, and Rift Recon was called in. What happened was that criminal hackers found all the executives’ phone numbers on social media and enough information on the names of their kids, pets and other things from password breaches from LinkedIn and other services, where your password reset was probably going to be the one for your phone.
“They were using SMS as the two-factor authentication. So, for password recovery for your email, your phone is your identity, because that’s where everything goes. CEO and CFO got nailed, then all the other executives at the same time, their numbers got ported, within two minutes imported to a new SIM card, and then all of their passwords got reset to another number,” Michaud explained.
“It turned out the CEO was storing his private keys for his cryptocurrency in his phone with passwords. And then the hackers went to the CFO who did similar stuff, and then the comptroller got nailed. And then basically, they wired all of the money out into the network, and then all of a sudden, they pulled in all their email systems, everything went down. And all that money lost just because someone’s able to change your phone number.”
How good is your cybersecurity?
The June 2019 edition of Banking Technology features:
Cloud adoption – the future for the back office?
FinovateSpring: focusing on the digital future of fintech.
Dan Makoski, chief design officer of Lloyds Banking Group.
Digital platforms – transforming the loan experience.
BrightLife – clean energy and financial inclusion coming together in a social enterprise.
Infosys Finacle – core modernisation is essential for truly digital banking.
Rise up women – you can do it, you really can!
Challenger banks in Germany
Who’s who and what’s their tech?
Food for thought
A banker goes a-banking chapter 2.
Ask the expert
Practical and free advice on how to grow your business.
And not to forget the Regulars of course:
News – the good, the bad and the ugly.
Appointments – the movers and the shakers.
Industry events – mark your calendars!