Banking on security in an environment of threats

The global financial crisis of 2008 was a piercing wake-up call for the financial industries of the world. It brought several regulatory and legislative changes in its wake, all aimed at preventing the recurrence of such an event. But the years since then have seen a different kind of threat emerging. The warning sirens are more frequent than before and more insistent.

Banks and financial institutions seek to stay relevant and competitive by providing convenient, personalized services to their customers. For this, they collect and analyze huge volumes of sensitive customer data. All this information is stored and accessed online, and this makes them prone to cyber attacks. Cybercriminals exploit vulnerabilities in digital systems to perpetrate attacks of different natures and complexities. Incidents of such attacks have been increasing over the years, and unless we take great care, cyber attacks could easily be the cause of the next global financial crisis.

Only recently, US credit reporting bureau Equifax suffered a huge data breach, resulting in significant loss of data, which included the personal details of over 145 million people across the US, UK, and Canada. This event triggered a rethink of data protection laws in the US. Earlier in 2017, the Lloyds Banking Group was hit by a major DDoS (Distributed Denial of Service) attack over the course of 48 hours, as cybercriminals attempted to block access to 20 million UK accounts. Later in the year, several South Korean banks were threatened with a DDoS attack if they did not pay a $315,000 bitcoin ransom.

Equally worrying, and just as dangerous, are attacks that gradually siphon off data over an extended period of time. Such attacks are generally perpetrated through malware, such as the TrickBot Trojan, which made an appearance in Latin America and targeted banks in over 40 countries.

Recent trends like P2P (peer-to-peer) banking, directives like PSD2 (Revised Payment Service Directive), and initiatives like the Open API Standards for banking in the UK, while they all have their positives, have also inadvertently made the threat landscape riskier by providing more channels through which hackers can target systems. National and global authorities have introduced regulations to ensure that the financial industry takes the cybersecurity aspect of their business very, very seriously.

Under the EU General Data Protection Regulation, which will be enforced from May 25, 2018, organizations that are breached could attract a penalty of up to 20 million Euros or 4 percent of their annual global turnover, whichever is higher. India is in the process of instituting a Computer Emergency Response Team in Financial Sector (CERT-Fin), which will work closely with all financial-sector regulators and stakeholders on issues of cybersecurity.

Cyber threats are evolving as fast as the counter-measures being adopted to combat them. It is therefore essential for banks and financial institutions to be armed with agile cybersecurity strategies that identify potential threats, prevent attacks, and enable fast recovery. The banking industry should continue to invest significantly in cybersecurity – as they traditionally have – because their business is heavily dependent on customer trust.

As the open banking phenomenon grows, and different sets of data become digitally interconnected, the industry needs to protect customer data more fiercely than ever. A security breach can damage not just the company’s revenues, but also its reputation. A recent consumer study revealed that 50 percent of respondents would consider switching banks if they suffered a cyber attack, while 47 percent said they would “lose complete trust” in their bank if such an event occurred.

The BFSI industry needs to look at adaptive, round-the-clock methods of detection, defense, and counter-attacks against cyber threats. Help is readily available in the form of third-party security service providers, who have the requisite expertise to offer comprehensive, assured protection. It is also an encouraging sign that investments in security operation centers (SOCs) are on the rise.

The 2008 financial crisis taught the financial industry that it needed to adopt a more responsible approach towards risk management. The years since have delivered a recurring lesson – the pertinence of keeping abreast of the latest in security threats and solutions and investing in security applications that can adapt to the current and future changes in one of our most important and vulnerable industries. Let’s act as we learn.


Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks, because ransomware services are becoming easier to access.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated software,” he said.

As hacking of Internet of Things devices is also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their exposure to cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of it,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the WannaCry incident, over 200,000 systems in 150 countries were hit by hackers demanding US$300 (RM1,221) to decrypt victims’ files.

On the DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

To carry out a DDoS attack, hackers only need to leverage large numbers of computer connections and flood the targeted system with high traffic, or send it information that triggers a crash in the victim’s system.

The attack is capable of shutting down a machine or network, causing legitimate users to be blocked from accessing it.

“Companies should subscribe to cloud traffic scrubbing services such as ‘Cloudflare’, as well as have an alternative Internet line on standby (as backup, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining was that consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.


CISO Challenges in 2018

To stay ahead of threats, CISOs will need to enter 2018 in steep learning mode. Their priorities will include integrating artificial intelligence, protecting against increasingly advanced Distributed Denial-of-Service (DDoS) attacks, pressuring IoT vendors to build enterprise-class devices and deciding what blockchain technology may mean to them.

When it comes to leveraging IoT devices for DDoS attacks, the bad guys tipped their hand in 2016 with the Dyn DDoS attack, said Eric Cowperthwaite, managing principal at Citadel Services, a security and risk management consulting company. “There’s way more of that coming—way more,” he said. Broadly speaking, enterprises lack good plans to deal with these types of attacks, he said.

The Dyn attack illustrates two separate issues that CISOs must address. One is the order of magnitude: While the attack is the same type of threat businesses often face, the leveraging of IoT devices amplified the amount of malicious network traffic used in DDoS attacks.

The second challenge isn’t just the operational stability problems such an attack can cause, Cowperthwaite said; it’s also the damage to the company’s reputation when it becomes known that its inadequately secured IoT network enabled the attack.

CISOs need to pressure vendors to add instrumentation to IoT devices entering the enterprise, so that commercial devices are at least hardened from attack and defendable. “If CISOs don’t apply pressure on those vendors, who will?” he asked.

CISOs must be able to monitor their networks so that it’s possible to tell when trusted—or supposedly trusted—devices are behaving appropriately. “If it’s not acting correctly, you should take it off the network,” Cowperthwaite said.

Also high on the CISO’s priority list should be figuring out how to use artificial intelligence to automate event management. “If we don’t figure out how to use AI to deal with the masses of data that we have, we’ll never get ahead,” Cowperthwaite warned. He suggested automating basic security so people aren’t looking at first-level event data. “Why aren’t we taking all that event log data and running it through an AI that will look for anomalies before we do anything else?”

CISOs also can take a page from Agile to tackle other persistent cybersecurity challenges, and move away from security-event firefighting and into more of a business advisory role.

Finally, while blockchain technology may or may not be your friend, it most likely will be more than a passing acquaintance by year’s end. CISOs need to learn about distributed trust systems as well as the technologies and tools that help ensure transaction integrity, irrefutability and nonrepudiation. CISOs then can consider business risk when it’s time to establish governance for the new players on the block.


Mirai: Trio confesses to creating the world’s most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices like routers and wireless cameras and exploiting device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down Github, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.

Bitfinex restored after DDoS attack

Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.

Bitfinex, which claims to be the world’s largest and most advanced cryptocurrency exchange, says it has restored its systems after coming under a “heavy” distributed denial of service (DDoS) attack.

Despite claiming on its website that Bitfinex is “protected by automatic distributed denial of service” systems, the company has been affected twice in December 2017 and once in November by DDoS attacks.

According to Bitfinex, the attackers created “hundreds of thousands of new accounts,” putting stress on Bitfinex’s infrastructure. The exchange said it took about 12 hours to restore normal operations and that new user signups had been suspended temporarily to reduce demand on its infrastructure.
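As an added illustration (not code from the article, from Bitfinex, or from any vendor quoted here), the following Python script applies a simple one-second sliding window to web access logs to separate the two DDoS patterns this page describes: the volumetric flood from many source addresses mentioned in the Malaysian DDoS piece above, and the application-layer sign-up burst described here. The log line format, the IP addresses and the thresholds are constructed assumptions, not anything the article reports.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumed values for this demo; in practice derive them
# from the site's own baseline traffic.
REQ_PER_SEC_THRESHOLD = 500     # total requests in a one-second window
DISTINCT_IP_THRESHOLD = 200     # distinct client addresses in that window
SIGNUP_PER_SEC_THRESHOLD = 50   # POST /signup requests in that window


def parse_line(line):
    """Parse one line of the assumed log format:
    '<ISO-8601 timestamp> <client ip> <method> <path> <status>'.
    Returns (timestamp, ip, method, path), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]


def detect(lines):
    """Bucket requests into one-second windows and return alerts as
    (window_start_iso, kind, count). A window is 'volumetric' when both the
    request rate and the number of distinct sources are high; it is a
    'signup_flood' when POST /signup alone exceeds its threshold, which
    catches an account-creation burst even from a small set of addresses."""
    windows = defaultdict(lambda: {"total": 0, "ips": set(), "signups": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of crashing the detector
        ts, ip, method, path = parsed
        w = windows[ts.replace(microsecond=0)]
        w["total"] += 1
        w["ips"].add(ip)
        if method == "POST" and path == "/signup":
            w["signups"] += 1
    alerts = []
    for start in sorted(windows):
        w = windows[start]
        if w["total"] > REQ_PER_SEC_THRESHOLD and len(w["ips"]) > DISTINCT_IP_THRESHOLD:
            alerts.append((start.isoformat(), "volumetric", w["total"]))
        if w["signups"] > SIGNUP_PER_SEC_THRESHOLD:
            alerts.append((start.isoformat(), "signup_flood", w["signups"]))
    return alerts


def constructed_log():
    """Constructed sample traffic (not real data): a quiet second, a flood
    second from 1,000 distinct addresses, then a sign-up burst from 40."""
    t0 = datetime(2017, 12, 12, 9, 0, 0)
    lines = []
    for i in range(20):  # baseline: 20 page views from 10 addresses
        ts = t0 + timedelta(milliseconds=50 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.{i % 10 + 1} GET /index.html 200")
    t1 = t0 + timedelta(seconds=1)
    for i in range(2000):  # volumetric flood: 2,000 GETs from 1,000 sources
        ts = t1 + timedelta(microseconds=400 * i)
        ip = f"172.16.{(i % 1000) // 250}.{(i % 1000) % 250 + 1}"
        lines.append(f"{ts.isoformat()} {ip} GET / 503")
    t2 = t0 + timedelta(seconds=2)
    for i in range(800):  # application-layer burst: 800 sign-ups from 40 sources
        ts = t2 + timedelta(milliseconds=i)
        lines.append(f"{ts.isoformat()} 192.0.2.{i % 40 + 1} POST /signup 201")
    lines.append("this line is malformed")  # exercises the parser's error path
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

The sign-up second trips only the application-layer rule because its 40 addresses stay under the distinct-source threshold, which is the case a purely volumetric scrubbing service can miss.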

The latest DDoS attack on Bitfinex comes just days after an Imperva report showed that the bitcoin industry was one of the top ten industries most targeted by DDoS attacks in the third quarter of 2017.

Cyber security industry analysts say the increased interest in Bitcoin as its value continues to surge is making it a prime target for cyber criminals either for extortion or theft.

Igal Zeifman, director at Imperva Incapsula, said extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well protected.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders had tried in the past,” he said.

According to the Imperva report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack.

This latest DDoS attack on Bitfinex underlines how increased prominence can make businesses more vulnerable to DDoS attacks, said Kirill Kasavchenko, principal security technologist for Europe at Arbor Networks.

“The bitcoin market has been a hot topic over the past week, which has led to a surge in buyers,” he said. “Hackers are notoriously opportunistic, so it makes sense that they’re seizing this opportunity to make it difficult for Bitfinex to maintain usual business activities.”

Businesses which rely on their website as a route to market, said Kasavchenko, must learn lessons from this, and evaluate whether their current DDoS protection could work harder for their business.

“In response to bitcoin’s growth, attackers might launch DDoS attacks against exchanges not only as extortion threat, but also as a way to manipulate cryptocurrency rates by making trading platforms unavailable.

“Last but not least, cryptocurrencies do not have any legal status in most countries,” he said. “This means prosecution of attackers is often problematic not only from technical, but also from a legal point of view.”

Targeting bitcoin exchanges

In line with the trend of targeting bitcoin exchanges, cyber criminals stole nearly $80m worth of bitcoin from bitcoin mining and exchange service NiceHash.

According to NiceHash, the attackers – believed to be from outside the EU – accessed the company’s systems at around 00:18 GMT on 7 December, and began stealing bitcoin three and a half hours later.

This is the latest in a string of cryptocurrency heists in 2017, and security researchers are predicting the trend will only intensify in 2018.

As the bitcoin value continues to soar, its attractiveness to attackers – both at a criminal and nation state level – will increase in proportion, according to Richard Ford, chief scientist at security firm Forcepoint.


Christmas revenues at risk from DDoS and POS-vulnerabilities

An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse.

According to the Kaspersky Lab IT Security Economics Report, over 77 per cent of companies have suffered from some kind of attack during the last 12 months. An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse – especially during the Christmas sale season, when there are more shoppers in store than usual, and the boost in sales is making retailer revenues an attractive target for cybercriminals.

The research shows that over the past year there has been an explosion (up to 16 per cent) in both attacks involving DDoS and attacks in which vulnerabilities in point-of-sale systems (POS terminals) have been used. These figures indicate that whatever heists cybercriminals are planning this season, they are likely to start with, or include, DDoS or the exploitation of vulnerabilities in retailer POS systems.

In particular, 2017 has seen a series of high-profile cybersecurity breaches reported in the payment systems of major brands: from Chipotle to Hyatt Hotels and recently, Forever 21. Kaspersky Lab also registered a considerable increase and geographic spread in botnet DDoS attacks in the third quarter of 2017, with targets in 98 countries (compared to 82 in Q2), according to the latest DDoS Intelligence Report.

This situation is going to be extremely relevant to retail and e-commerce organizations during the intense period of sales around Christmas. As shoppers look to bag their bargains, retailers can expect increased revenues. This in turn makes retailers a lucrative prize, if cybercriminals can stage successful DDoS attacks against them for a ransom, or for dirty competition, use POS systems as an entry point for targeted attacks, or steal customer credentials and money.

“Given this year’s apparent increase in these types of attacks, we recommend that businesses – retailers in particular – stay alert during the Christmas season, when there are more risks of cybercriminals cashing out through the exploitation of payment systems or attacks that use DDoS. These can involve cybercriminals demanding a ransom, or simply preventing an organization from trading, making them lose income and clients as a result. But apart from the obvious risks, this is also a good opportunity for businesses to think about their protection in general, by developing their cybersecurity culture and investing in the right technologies,” said Alessio Aceti, Head of Enterprise Business Division, Kaspersky Lab.

To avoid ruining their revenues in the upcoming high sales season, retailers and e-commerce organizations can protect themselves with a range of solutions dedicated to meeting their specific requirements. Kaspersky Lab strongly recommends that retailers:

– Keep e-commerce platforms up-to-date, because every new update may contain critical patches that make the system less vulnerable to cybercriminals.

– If possible, make sure that the POS terminals in use run the latest version of software and change the default passwords.

– Use a tailored security solution, like Kaspersky Embedded Systems Security, to protect point of sales terminals from malware attacks.

– Prepare for DDoS attacks by choosing a reliable service provider that is a cybersecurity expert and can protect against powerful and sophisticated DDoS attacks. This is not always possible using in-house resources or Internet providers. To learn about the specialist Kaspersky DDoS Protection offering for SMBs and enterprises, please visit our website.

– Educate customers about the possible cyberthreats they may encounter while shopping online and offline, as well as steps about how to minimize the risks.


Increased dark web interest in hacking the leisure and gaming industries

Given the volumes of cash sloshing around, it’s no surprise that the leisure and gaming industries have become a target for cyber-crime; new reports suggest there is growing interest on the Dark Web in attacks on the gaming industry.

Given the volumes of cash sloshing around, it’s not a surprise that the leisure and gaming industries have become a particular target for cyber-crime, and a new report suggests there is growing interest on the Dark Web when it comes to attacks on the gaming industry.

The extent and methods used are described by security provider IntSights in its Gaming and Leisure Cyber Security Benchmarking Report, which outlines the results of a six-month research project anonymously searching the clear and dark webs for threat intelligence on 30 leading gambling resorts.

Attacks range from the usual DDoS and phishing to sector-specific hacks on slot machines and casino chips.

Threats from the Dark Web over the last six months specifically targeting the gaming and leisure sector have included 19 DDoS attacks on resorts, 29 on gambling affiliates, 30 on free coins generators, 52 validated accounts for sale, 55 casino chips for sale, 61 scam guides on gambling resorts, 63 POS hacking tools, 69 VPN scams, 70 stolen CC for cashout, 86 hacking slot machines, 90 hacking tools, 95 hacking tutorials, 141 logins with money balance for sale, 289 cash out methods, 345 carding.

One example details how a hacker proposes an affiliation partnership to scam gambling companies: “I need someone who is in New Jersey and who wants to help me out and make some money at the same time. Here is the skinny…

I have found a way to use some of the bank logs that I manage to accrue using the personal information I have on various people with both …. poker and ….. I am able to use the instant bank transfer ACH to deposit funds onto my accounts and have two different accounts with pretty large balances in the wallet. Unfortunately, these sites do not let you play if you are not in the state of New Jersey. They are pretty damn good about it too and I have tried a multitude of proxy services and virtual machines to no avail. The only thing left I can think of and have heard from two others that it is successful, is to remote into a computer of someone who lives in New Jersey, and run the client from their computer with my account.

I would need you to get Teamviewer or some other remote access software, and let me remote in and do some gambling. I can then cash out and pay you, or better yet, give you login info of one of my accounts and let you have your own fun. Please let me know if you are interested and available to do this because if it actually does function, we are looking at a fucking GOLDMINE!”

There were some 29 affiliation suggestions for scams found in the past six months. This includes people using free coin generators and sharing them on hacking forums as a way to access and hack into other accounts and computers. In the past six months 30 free coin generators have been offered. Branded poker chips are being sold on the black market, and in the past six months 55 have been offered for sale there.

In its research, IntSights scanned via the IntSights cloud infrastructure for indicators of compromise such as:

– Stolen credentials that may be used to infiltrate a company’s systems.

– Company employees on target lists posted by malicious actors. These lists can be used by the threat actor or others to launch a phishing or spam attack against the company.

– Dark Web attack indicators that suggest the intentions of malicious actors to hack, scam or damage company assets, employees or customers.

– A company’s internal login page that has been exposed and can be used by threat actors to infiltrate the company’s network and harvest sensitive data.

– A suspicious fake or phishing domain that has been detected and can be used for malicious activity against a company or its employees.


Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency of $4,672 in the third quarter, according to Imperva’s latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency’s meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

“As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” he said.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past.”

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva’s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate escalates above 50 million packets per second (Mpps), become more common: 5% of all network layer assaults exceeded 50 Mpps, and the largest attack peaked at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the ISACA CSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.


Rutgers suffers “data breach” of 1,700 students’ info

NEW BRUNSWICK, NJ – The academic information of 1,700 Rutgers students was exposed during a “data security incident” on November 8 and 9, university officials confirmed.

No one’s Social Security number, address or financial information was leaked, according to university spokesperson Neal Buccino.

Instead, the affected students, all in the Department of Computer Science, had their academic data leaked, including Rutgers ID numbers, cumulative GPAs and Spring 2018 class schedules, Buccino said.

University officials notified those students affected that their data was exposed, but that it hadn’t been altered, according to Buccino.

Officials determined that 18 students accessed the data “in error,” and notified those students that the information they viewed was confidential.

The leak was the result of an “administrative error,” according to Buccino, who added that the university was updating its relevant security policies to ensure such an error doesn’t happen again.

Internet issues are nothing new to Rutgers. Over the course of 2015, Rutgers suffered half a dozen distributed denial of service (DDOS) attacks which crippled the internet on campus for days at a time.

The attacks were perpetrated by the so-called “exfocus” hacker, who during the course of the attacks posted a series of taunting messages on various Twitter pages.

Two of the major attacks took place in the Spring 2015 semester; one during midterms and the other during finals period, preventing many students from working on projects and papers, or preparing for exams.


Alleged DDOS attack wipes almost $2,000 off Bitcoin price

BTC now trying to stabilize around $9,500

Over the past 24 hours, Bitcoin (BTC) has been on a parabolic run all the way from $10,000 up to almost $11,500. Many, including myself, feared a sharp correction would be due at any moment, as the kind of growth we saw was not sustainable, not even in the crazy world of crypto.
BTC hit a high of $11,441 on Bitfinex before tumbling quickly all the way down to $9,000 in just a few minutes. Many went to Twitter to voice the opinion that the reason for the drop was a DDOS attack on many of the largest exchanges around the world. While a mass DDOS attack has not been confirmed yet, it seems likely it was the cause of the sudden crash.


Approximately $53 billion was wiped off the total cryptocurrency market cap in under an hour, a figure which calculates the value of Bitcoin and other alternative coins combined. At the time of publishing, Bitcoin was trading close to $9,600, but appears to be facing resistance heading back to $10,000 and beyond.