Banking on risk intelligence to protect the digital vault


Josh Lefkowitz

CEO at Flashpoint


09.08.2019 11:00 am

There’s no such thing as one size fits all when it comes to the intelligence needed to uncover, specify, and prevent cyberthreats. Each industry faces unique challenges and vulnerabilities as criminals tailor their activities to target prime assets. The financial services sector occupies an undeniable position in the crosshairs of cybercriminal activity. Intelligence analysts and cybersecurity teams tasked with protecting the business need in-depth understanding of the risks and weaknesses of financial institutions so they can mount an effective defence.

Targeting the digital vault

Banks and financial institutions face a complex set of circumstances when it comes to threat management and compliance risk. First, their “product” is the very thing that cybercriminals typically desire most – money – meaning that, unlike many other industries, they are directly targeted on the basis of their core activity. Beyond targeting customers, cybercriminals are also focusing on stealing money directly from the source by attempting to access and maintain a persistent presence on banking networks such as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network. In 2016, for example, this presence was used in an attack against the Bangladesh Bank, which resulted in more than $850 million in fraudulent transactions initiated through the network.

Second, banks collect and process huge amounts of personally identifiable information (PII) to verify customer identities and protect against fraud. This credential data is a sought-after commodity among criminals who plan to use it to perpetrate the very fraud it’s meant to prevent. The risk here lies on at least two fronts: the data stored on bank networks may be targeted directly, such as through credential theft, credential-stuffing attacks, or insider threats, among other means. Alternatively, the bank’s customers may be hit by phishing and other social engineering schemes as well as banking trojans designed to steal their passwords, other security information and credit/debit card numbers.

In addition to these external threats, financial institutions have to manage insider threat risk, and the regulatory and compliance risks they face if their systems are used for illicit purposes such as money laundering.

Tracking emerging tactics, techniques, and procedures

Faced with this litany of threats via multiple vectors, banks adopt a strong defensive posture to protect systems and customers. From physical security to cybersecurity, the finance sector is probably the most advanced in the world.

Defence is less effective, however, without solid intelligence on specific risks that guide where efforts should be focused. To ensure that financial institutions are marshalling their defences effectively, and prioritising responses to meet current and emerging threats, business risk intelligence (BRI) provides essential context.

The effective use of BRI starts with anti-fraud and cybersecurity teams working together to build a comprehensive picture of business risk and the weaknesses exacerbating that risk. They then map this information to current intelligence about how their adversaries are planning to exploit those weaknesses. This intelligence can be gathered from multiple sources, from illicit deep & dark web (DDW) forums and open web sources, to “card shops” where stolen credit card data is offered for sale – anywhere cybercriminals discuss tactics, plan campaigns, and market their stolen goods. The aim is to use the security and anti-fraud teams’ knowledge of the high-level threats the institution faces to home in on specific indicators of emerging threats directly targeting the company.

From general risk to specific threat

Take as an example the issue of password security. Passwords are a weakness in the security chain and hackers regularly devise tools to crack them and access accounts. Consequently, banks devote resources to protecting against this general threat. However, when BRI uncovers a DDW actor that has released a new version of a password-cracking tool specifically designed to compromise online accounts of a particular bank, that bank can use this information to act swiftly to mitigate the vulnerability.

Similarly, money laundering is a critical risk for financial institutions, which are subject to strict regulation with international jurisdiction and large financial penalties for negligence. All institutions must protect against money laundering through robust policies and compliance checks. However, cybercriminals are always looking for new ways to launder money, so companies must remain alert. As a case in point, our BRI analysts observed discussion of a new criminal technique to launder funds from compromised bank accounts and stolen credit cards by leveraging subscription services offered with business accounts with a major online payment service. Alerted to this risk, clients were able to take corrective measures to protect customer accounts and eliminate that specific money-laundering risk.

Thinking ahead to monitor strategic risk

Risk assessments and threat monitoring cannot be limited to a point-in-time activity. The financial services environment is constantly changing and threats emerge and evolve to match. As fast as the sector devises new ways to serve customers and provide convenient, secure access to banking, the cybercriminal community is working on ways to infiltrate and leverage them. The use of mobile phone text codes, used to provide authorisation for transactions, is one such example. This additional security layer was exploited earlier this year by cybercriminals who intercepted messages by tracking customers’ phones, and used the information gleaned to empty bank accounts.

Financial institutions need to think ahead whenever a new feature or service is introduced and anticipate how it might be breached, because they can be certain that threat actors are doing just that. Our analysts encountered this prior to the launch of chip-based credit cards in the US. They spotted indicators of compromise on the DDW relating to EMV chip recording software and manufacturing techniques that could be used to make fake chip-enabled cards. This intelligence was used to inform rollout strategies and re-evaluate the risk associated with EMV.

Intelligence analysts need to be fully briefed on the roadmap for financial products and services so that they can keep watch for evidence of emerging threats in the cybercriminal communities that they monitor. Armed with BRI, financial institutions can assess risk and identify specific threats. They can also adjust their risk posture based on valid intelligence and better focus defensive activities. This strengthens their ability to protect the digital vault and keep customers’ money, and data, safer.
