Malware Protection for Financial Services

Cyber security is needed to provide the best malware protection for financial services

Adding a centralized and dedicated TLS / SSL inspection allows the Zero Trust model to work

“… the financial services industry continues to have the highest cost of cybercrime,” – Chris Thompson, Head of Global Security and Resilience – Financial Services, Accenture Security

Cyber security has become everyone’s problem because no one is safe from attack, and just like a line of dominoes, when a person or organization falls, it can compromise the security of whatever it is connected to. That said, some organizations are much more interesting and lucrative targets for cyber attacks than others. In recent years, bad guys have stepped up attacks on large corporations in general and financial institutions in particular. Why? The reason is the same one Willie Sutton, a bank robber in the 1920s and 1930s, gave when asked why he robbed banks: “Because that’s where the money is.”

Since attacking consumers directly, compared to large corporations and financial organizations, is much more work with much less payoff, we have seen a steady decline in, for example, the use of banking malware to steal user credentials. According to Kaspersky, an anti-malware security provider, the number of bank malware detections fell from 773,943 in 2019 to 625,364 in 2020, a drop of almost 20%.

Another factor has been the evolving opportunities for cyber attacks: the combination of the remote working explosion in 2020 and the resulting chaos as businesses adapted to the new environment meant that crooks and hackers alike had a whole host of new attack vectors. Many of the previous regional or national hacking collaborations became international and commercial, and as a result, a whole new catalog of tools and techniques that made it easier to launch malware attacks became available to a global audience of bad actors.

A 2020 Boston Consulting Group study found that banking and financial institutions are 300 times more vulnerable to a cyberattack than other businesses, while an Accenture study found that “the average annualized cost of cybercrime to global financial services companies rose to 18.5 million US dollars, the highest of all industries included in the study and more than 40% higher than the average cost of US $ 13 million per firm across all industries.”

Recent cybersecurity attacks

Recent examples of the scope and scale of malware attacks include the cyber attacks against Colonial Pipeline, a fuel pipeline operator that supplies approximately 45% of the fuel consumed on the US East Coast, and JBS, the world’s largest meat processor, which supplies more than 20 percent of American beef. Both companies were recently shut down by ransomware using what amounts to low-cost, shrink-wrapped malware available in black markets on the Dark Web.

While cyber attacks on infrastructure companies such as fuel distributors and food producers are of great concern, an attack on the financial sector is an even greater threat to our economy because of amplifying factors: a breach of a single vendor or service provider affects many customers. Consider the Equifax breach in 2017, which affected 143 million consumers. Hackers entered Equifax’s system through a consumer complaints portal via a known software vulnerability that had not been patched.

The attack would have ended there, except that Equifax’s internal systems were not isolated from each other, so attackers could jump from their entry point to other, more valuable servers. Finally, because Equifax had failed to renew an encryption certificate on one of its internal security tools, attackers were able to exfiltrate data out of the network in an encrypted form that went undetected for several months.

While the Equifax attack succeeded because of poor network management and design, malware and ransomware attacks are increasingly common due to other systemic weaknesses. BlueVoyant, a cybersecurity company, commissioned a global cyber risk survey of 253 CIOs, CISOs and DPCs in the financial services industry and found that:

  • 85% have experienced a breach due to weaknesses in their supply chain in the past 12 months
  • 38% use vendor risk data and analytics in their third-party cyber risk management program
  • 38% audit and report third-party cyber risks every six months or less frequently
  • 89% have seen their cyber risk management budget increase in the past 12 months.

Risks of the future

Although “traditional” methods of compromising targets are still in use (brute force attacks, exploits based on known weaknesses, “spear-phishing” and so on), we are also seeing the introduction of increasingly sophisticated malware.

For example, we recently witnessed the next evolutionary step of the Necro Python bot, a Python-based, self-replicating, polymorphic bot that was discovered earlier this year and is designed to defeat conventional anti-malware protection software. Analysis of the bot by the Cisco Talos Intelligence Group revealed:

… the last activity shows many changes to the bot, ranging from different command and control (C2) communications to the addition of new exploits for the propagation, the most notable vulnerabilities in VMware vSphere, SCO OpenServer, Vesta Control Panel and the SMB-based exploits that were not present in previous iterations of the code.

… The bot hides its presence on the system by installing a user-mode rootkit designed to hide the malicious process and malicious registry entries created to ensure that the bot runs every time a user logs into the infected system.

A significant portion of the code is dedicated to downloading and running a Monero miner XMRig program. The bot also injects code to download and run a JavaScript based miner from a server controlled by an attacker into HTML and PHP files on infected systems. If the user opens the infected application, a JavaScript-based Monero miner will run in their browser’s processing space.

The scope and capabilities of this bot should concern all CIOs, CISOs and security professionals, because this level of sophistication means that the bot is not only difficult to detect when it enters your network, but also extremely difficult to get rid of. This is an example of the future of cyber malware attacks, and protecting your organization from these attacks while providing robust malware protection requires a much more disciplined approach than most organizations have implemented to date.

What Can Financial Services Companies Do to Protect Themselves?

“The threat of cybersecurity could very well be the greatest threat to the US financial system.” – Jamie Dimon, CEO of JP Morgan Chase, speaking at the Business Roundtable CEO Innovation Summit in Washington, DC on December 6, 2018.

The European Central Bank’s 2020 edition of its report on ECB Banking Supervision: Assessing Risks for 2020 identified the main risk factors that the euro area banking system is expected to face over the next three years. These risks are as follows:

  • The further digitization of financial services
  • Obsolescence of certain banking information systems
  • Interconnection with third-party information systems and, by extension, migration to the cloud

Given the complexity of computer systems and networks in financial services, there is only one strategy that will provide the level of defense-in-depth required for future-proof anti-malware protection, and that is to implement the Zero Trust model.

The zero trust model

Zero Trust (ZT) provides a set of concepts and ideas designed to minimize uncertainty in the application of precise, least-privilege, per-request access decisions in information systems and services facing a network considered to be compromised. Zero Trust Architecture (ZTA) is a company’s cybersecurity plan that uses zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan. – NIST Special Publication 800-207

A zero trust model, as defined by NIST, is based on the following principles:

  • All data sources and IT services are considered resources.
  • All communications are secure regardless of network location.
  • Access to individual corporate resources is granted on a per-session basis.
  • Access to resources is determined by dynamic policy, including the observable state of the requesting client, application / service, and asset identity, and may include other behavioral and environmental attributes.
  • The company monitors and measures the integrity and security of all owned and associated assets.
  • All authentication and resource permissions are dynamic and strictly enforced before access is granted.
  • The company collects as much information as possible about the current state of assets, network infrastructure and communications and uses this to improve its level of security.

The last principle is the key to making a Zero Trust model work in the real world. By inspecting all traffic, including encrypted communications, through TLS/SSL interception, decryption and inspection (SSLi), financial organizations can track what enters their networks and what tries to exit. Properly implemented and deployed, SSLi can effectively and inexpensively prevent malware entry and the exfiltration of sensitive data, making the Zero Trust model robust and comprehensive.
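To make the NIST principles listed above concrete, here is an added illustration of a per-request policy decision point: identity, the observable state of the device and the resource’s own policy are all checked on every request, the grant is scoped to one session and expires, and the network the request came from is logged but never trusted. This is example code written for this page, not A10 Networks or NIST code; the resource table, role names, posture fields and 15-minute session lifetime are assumptions.

```python
# Added illustration of the NIST SP 800-207 principles quoted above; not A10
# Networks or NIST code. Resource table, roles and posture fields are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional
SESSION_TTL = timedelta(minutes=15)  # assumption: each grant is re-evaluated after 15 min
# Assumed per-resource policy: required role and maximum age (minutes) of the
# last strong authentication. Resources not listed are denied by default.
RESOURCE_POLICY = {
    "core-banking-db": {"role": "dba", "max_mfa_age_min": 10},
    "hr-portal": {"role": "employee", "max_mfa_age_min": 480},
}
@dataclass
class AccessRequest:
    subject: str
    roles: frozenset
    mfa_age_min: int        # minutes since the subject last completed MFA
    device_managed: bool    # observable client state reported by the endpoint agent
    device_patched: bool
    agent_healthy: bool
    source_network: str     # "corporate" or "internet": logged, never trusted
    resource: str
@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)
    expires_at: Optional[datetime] = None
def evaluate(req: AccessRequest, now: Optional[datetime] = None) -> Decision:
    """Decide one session request; network location plays no part."""
    now = now or datetime.now(timezone.utc)
    reasons = []
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        reasons.append("unknown resource (default deny)")
    else:
        if policy["role"] not in req.roles:
            reasons.append("subject lacks role " + policy["role"])
        if req.mfa_age_min > policy["max_mfa_age_min"]:
            reasons.append("strong authentication too old for " + req.resource)
    # Device posture is re-checked on every request, whatever the source network.
    for ok, why in ((req.device_managed, "unmanaged device"),
                    (req.device_patched, "device missing patches"),
                    (req.agent_healthy, "endpoint agent unhealthy")):
        if not ok:
            reasons.append(why)
    if reasons:
        return Decision(False, reasons)
    return Decision(True, [], now + SESSION_TTL)  # per-session grant that expires
```

A request from the corporate network on an unpatched device is denied, while the same subject on a healthy, managed device coming in from the internet is allowed for one session only.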

Sanjai Gangadharan, Regional Vice President – ASEAN South at A10 Networks, Inc. and Babur Khan, Technical Marketing Engineer at A10 Networks
