Cybercrime: Costly, imminent threat to the banking world

Patrick Gardner, Managing Partner at C8 Secure

Increased internet usage, online banking and digitalization in finance have made financial institutions vulnerable to cybercrime and cyber attacks. 

The year 2022 saw several significant cyber incidents in the finance industry. On April 17, Beanstalk Farms, a decentralized finance platform, lost $180 million in a cryptocurrency heist. On April 11, the FakeCalls banking trojan was discovered, capable of talking to victims and impersonating bank employees. CashMama, an India-based loans app, reported a data breach on April 6. The breach exposed customer data that was collected and stored.

Lazarus was discovered to be using ‘Trojanized’ decentralized finance apps to deliver malware in a spearphishing campaign on April 1, 2022. While the largest bank in Russia, Sberbank and the Moscow Stock Exchange, both suffered DDoS attacks on February 28, 2022, resulting in their websites being shut down.

In 2022, data breaches in the United States cost an average of $9.44 million. The financial sector experienced a significant impact, with the cost of data breaches in this sector reaching $5.97 million globally.

Cyber attack data indicates financial phishing attacks represented 36.3 percent of total global attacks 2022. In the same year, investment fraud became the most costly form of cybercrime, resulting in an average loss of $70,811 per victim.

Types of cybercrime threats to banking industry

Cybercriminals often use various cybercrimes to bypass security and take advantage of vulnerabilities.

Phishing attacks and social engineering

Phishing attacks involve attackers posing as trustworthy entities, such as banks, online services or reputable organizations, to deceive people into sharing sensitive information.

These attacks usually take place through fraudulent emails, text messages or websites.

In a Business Email Compromise (BEC) scam, cybercriminals send fake emails that seem to originate from a trustworthy source, like the CEO or a reliable supplier. The emails are designed to imitate the organization’s communication style and contain convincing appeals for fund transfers, invoice payments or confidential data. The scammers may also alter the email header or use fake email addresses to make the emails seem authentic.

With the use of AI-powered chatbots on the rise, experts warn that it may also make it easier for fraudulent phishing emails to bypass fundamental defense mechanisms, such as spelling and grammatical error detection. It is because chatbots can generate more sophisticated and convincing messages that can fool users into thinking they are legitimate.

Cybercriminals use social engineering to persuade people to reveal sensitive information or perform actions that jeopardize security. Unlike technical hacking methods that exploit computer systems’ vulnerabilities, social engineering targets human psychology to exploit trust, authority or ignorance.

Social engineering tactics involve various techniques, such as pretexting (fabricating a scenario to extract information), baiting (leaving infected physical devices to lure victims) or tailgating (gaining physical access to restricted areas by following authorized people).

Malware and ransomware

Malicious software, also known as malware, poses a significant threat to banking systems and networks. Cybercriminals use various types of malware to exploit vulnerabilities in banking systems.

Banking Trojans are malware created to steal users’ banking credentials and other sensitive data. These Trojans work by intercepting login credentials or manipulating online banking transactions to redirect funds to the attacker’s account.

Distributed Denial of Service (DDoS) attacks are not considered traditional malware, but they involve flooding a banking system or network with an excessive amount of traffic, rendering it inaccessible to authorized users.

These attacks can disrupt online banking services. It causes inconvenience to customers and creates opportunities for cybercriminals to carry out other malicious activities.

For banking systems, ransomware attacks can freeze operations, block access to important data and interrupt financial transactions until the ransom is paid.

ATM and card skimming

ATM and card skimming is a prevalent cybercrime targeting banking customers using automated teller machines (ATMs) and payment card systems. Cybercriminals put skimming devices on ATMs or payment terminals to covertly record card data. These devices can be placed on the card slot or inside the ATM.

Besides skimming devices, criminals may also attach small cameras or overlays on ATM keypads to record customers’ PINs as they enter them.

By obtaining stolen card data and PINs, criminals can generate counterfeit cards or use the information for unauthorized transactions, such as cash withdrawals or fraudulent purchases.

Sophisticated cyber attack

Advanced Persistent Threats (APTs) are targeted and sophisticated cyber attacks that pose a significant danger to financial institutions.

Typically, well-resourced and skilled threat actors, such as state-sponsored groups or organized cybercriminal organizations, conduct APTs. These attacks are identified by their secretive nature, extended duration and continuous persistence in compromising a target’s systems and networks.

The SolarWinds Sunburst attack, detected in 2020 and had far-reaching consequences through 2021, is one of the most popular APTs in recent times. Another recent APT is Aquatic Panda, believed to be affiliated with China.

According to MITRE’s ATT&CK database, it has been active since at least May 2020. It gathered intelligence and conducted industrial espionage in the technology, telecom and government sectors.

Costly implications for financial institutions

Cybercriminals can make unauthorized transactions such as fund transfers, withdrawals or purchases once they can access someone’s bank account or payment card information. It can lead to direct monetary losses for the victim, with the stolen funds being removed from their account without their permission.

Law enforcement agencies or specialized cybersecurity firms are often hired to investigate cases of fraud or theft. Such investigations require time, resources and expertise to collect evidence, pursue suspects and construct a legal case. The expenses involved in investigations can accumulate, particularly in complex cases that span multiple jurisdictions.

Financial institutions may also have to take legal action to recoup losses, bring criminals to justice, or protect themselves from liability claims. It entails retaining legal representation, initiating lawsuits, attending legal proceedings and participating in settlement discussions.

Legal actions can be lengthy and costly, involving various fees, such as court, attorney and other related expenses.

A bank’s reputation is vital for attracting new customers and retaining existing ones. If news of fraudulent activities or data breaches becomes public, it can damage the bank’s reputation and create negative perceptions in the market.

Customers who have lost faith in a bank’s security may close their accounts and move their business to another institution. They may prefer to use alternative financial institutions that they consider superior security measures.

To combat the costly implications of cybercrime, financial institutions must adopt a comprehensive cybersecurity strategy that aligns with industry best practices. By partnering with C8 Secure, online businesses in the banking industry can have peace of mind knowing that a trusted security partner is safeguarding their infrastructure and data.

“We realized an immediate return on our investment and greatly enhanced our threat detection and remediation capabilities utilizing C8 Secure’s Managed Security Services,” said Roland V. Oscuro, CISO Philippines National Bank.

C8 Secure implements a comprehensive security strategy comprising many layers of protection. Designed with tomorrow’s needs in mind, C8 Secure protects from the edge through to the endpoint and cloud. This includes, managed SIEM/SOC, EDR and MDR, DDoS and Web Application Attack Protection (WAAP), ensuring the resilience of critical infrastructure.

Learn more about C8 Secure here.

RECENT POSTS

Securing a decentralized future: The importance of cybersecurity in Web3

7 Jun, 2023

The dawn of the decentralized web is upon us, and the rise of Web3 technology is a testament to this fact. Web3 is an alternative to today’s highly censored internet and is becoming increasingly popular, which calls for urgent measures to ensure that the foundation of this revolution remains secure and trustworthy.

READ MORE

Let’s Get Started

Securing a decentralized future: The importance of cybersecurity in Web3

Patrick Gardner, Managing Partner at C8 Secure, a Continent 8 company

The dawn of the decentralized web is upon us, and the rise of Web3 technology is a testament to this fact. Web3 is an alternative to today’s highly censored internet and is becoming increasingly popular, which calls for urgent measures to ensure that the foundation of this revolution remains secure and trustworthy.

The emergence of Web3 technology has created an opportunity for financial technology (Fintech) companies to innovate and provide new services like decentralized finance (DeFi) networks, decentralized social trading systems, asset tokenization, cross-border payment solutions and smart contracts.

It is expected that the Web3 market will reach a cumulative valuation of $81.5 billion by 2030, growing at a compound annual growth rate of 43.7%. However, since Fintech has started to catch up with the growing popularity of Web3 technology, cybersecurity, especially, has become a significant concern.

Propelled by blockchain technology and decentralized networks, Web3 envisions a world where users have full control over their data, decentralization fosters inclusivity, and intermediaries no longer dictate terms of use. However, despite the robust security measures associated with these technologies, numerous nefarious third-party entities have infiltrated blockchain systems. In 2021 alone, $2 billion was lost due to various blockchain protocols being hacked. Additionally, over the first three-quarters of 2022, bad actors were able to gross more than $3 billion as part of 125+ compromises.

These numbers are concerning as they suggest that despite the belief that cryptocurrency blockchain systems possess top defenses, they are not immune to attacks. Hackers can continue to use various attack vectors, such as smart contract exploits, phishing, and rug pulls, to inflict significant financial damage to crypto users globally.

As the Web3 market continues to grow, there is a need for a more collaborative approach to cybersecurity for Fintechs. With C8 Secure, developers can delegate security concerns when building Web3 applications so they can focus on other aspects like tokenomics and regulatory complexities.

How Web3 impacts cybersecurity

As the Fintech industry increasingly adopts Web3 technologies, it can realize significant cybersecurity benefits if implemented correctly. These benefits have the potential to fundamentally change the way we approach security and privacy in the digital realm. A few key advantages Web3 offers are decentralization of data across multiple nodes in a blockchain, data immutability, transparency and traceability, self-sovereign identities, privacy preserving technologies and trustless environments.

At the same time, Web3 also poses new challenges for cybersecurity. For instance, smart contracts on a blockchain can have security vulnerabilities that hackers can exploit including re-entrancy attacks, integer overflow, and underflow, among others. Once deployed on the blockchain, these contracts are immutable, meaning errors cannot be easily fixed, making rigorous testing and auditing crucial.

In addition, cybercriminals can exploit smart contracts through social engineering attacks, such as phishing, that trick users into giving their private keys or other credentials. Because of its popularity, cryptocurrency phishing has become a separate category of cybercrime with a 40% YoY increase.

In late December, it was reported that a record-breaking $3.7 billion was stolen in digital-asset-related attacks. Hackers stole $3.4 million worth of GMX tokens from a DeFi user in early January.

These security risks require Web3 Fintech companies to ensure their smart contract solutions are thoroughly tested and audited by trusted cybersecurity providers, like C8 Secure. Emphasizing secure coding practices, comprehensive auditing, continuous monitoring and layered threat prevention controls are vital to mitigating these risks

Another attack type that can harm blockchain networks is the distributed denial-of-service (DDoS) attack. Blockchain DDoS attack happens when the attacker overwhelms the network with excessive traffic, eventually blocking legitimate transactions.

If a crypto exchange is under a DDoS attack, it will see a decreased trading volume. An exchange could lose $21,000 per hour when an attack stops all trading activity. A significant volume of DDoS traffic originates from SSDP amplification and application layer attacks.

Continent 8 Technologies has been protecting its customers from DDoS attacks for almost two decades. In fact, in December 2022 it observed one of the longest sustained attacks that the internet has ever seen. It lasted for an incredible nine days against 145 different customers.

C8 Secure offers various measures to prevent DDoS attacks, including upstream filtering on a large scale, network edge filtering, and volumetric DDoS scrubbing based on thresholds and ratios. With these combined solutions, C8 Secure can effectively mitigate large-scale attacks and provide top-notch protection.

Deterring Web3 cyber attacks

Although blockchain networks have distributed protection, they are not entirely resistant to cyber threats. Most often than not, especially against DDoS, their robustness depends on the number of nodes, diversity, and hash rate in the network. Implementing measures like regular audits, vulnerability scans, and application testing – services that companies such as C8 Secure offer – can help uncover potential exposure points and reinforce network security.

While it’s true that a decentralized network is more resistant to integrity attacks, the associated applications with more traditional cybersecurity weaknesses are not. Vulnerabilities can reside in several areas: attackers can exploit weaknesses in code, discover software vulnerabilities in web applications and APIs, take advantage of flaws in the container or cloud workload configurations, and even deploy bots to launch credential stuffing and DDoS attacks.

For many Fintechs, the expansion of Web3 raises security concerns, despite the technology’s immutable and transparent ledger and complex consensus protocols. To reduce these risks and operate safely in Web3 while complying with various regulations, Fintech can turn to cybersecurity companies.

For example, cybersecurity companies can offer solutions that analyze large amounts of on- and off-chain crypto data to detect fraudulent behavior and flag suspicious wallets. Such companies can also develop secure and robust code that automates financial processes in Web3 and the broader financial sphere.

That’s why partnering up with an established cybersecurity solutions provider, like C8 Secure, who alongside Continent 8 Technologies has over 25 years of experience protecting many of the most targeted sectors, will take your security posture to another level.

Learn more about C8 Secure’s solutions, here.

RECENT POSTS

5 Steps to Reduce Your Risk of a Ransomware Attack

23 Feb, 2023

Listening to the news, you would be correct in being concerned about the extreme levels of ransomware attacks across the world. And, more importantly, whether your company is prepared to weather such an attack.

READ MORE

Let’s Get Started

The Current State of Cybercrime; the Role of AI in Cybersecurity

Cybercrime is a constantly evolving threat that affects people and organisations of all sizes. In 2022, cyberattacks increased by 38% according to Check Point research, further compounding the growth of 300% seen in 2020, with iGaming and e-commerce businesses being the primary targets. Cybercriminals use a variety of techniques to gain unauthorised access to sensitive information, such as phishing, malware, and ransomware attacks. The consequences of these attacks can be devastating, including loss of data, financial damage, and reputational harm.

With the growing complexity of cybercrime, traditional cybersecurity measures like firewalls and antivirus software are no longer enough. Cybersecurity experts are turning to artificial intelligence (AI) and advance cybersecurity defences such as XDR and managed SOC/SIEM to help detect and prevent cyber threats. But, AI technology is a double-edged sword that can both aid cybercriminals and help prevent cyber attacks.

How Artificial Intelligence is Aiding Cybercriminals

AI technology is making it easier for cybercriminals to launch sophisticated attacks. For example, AI-powered bots can be used to automate phishing attacks, making it easier to target a large number of people at once with very personalised approaches. These bots can analyse social media profiles and other online data to create targeted and personalised messages that appears legitimate and are more likely to be opened and clicked on.

In addition, AI can be used to create deepfakes, which are fake images, videos or audio recordings that are indistinguishable from real ones. Famously, deepfakes have been used to simulate voices of singers such as The Weekend and Drake and also the actor Bruce Willis in a Russian mobile phone commercial, but it can be used to impersonate people in authority within a company, such as a CEO or network administrators or even used to spread false information, which can be used for malicious purposes.

Another way AI is aiding cybercriminals is through the use of machine learning algorithms. These algorithms can be used to analyse large datasets and identify vulnerabilities in software systems, which can then be exploited by cybercriminals.

Examples of AI-Powered Cyber Attacks

AI-powered cyber attacks are becoming more common, and their impact can be devastating. One example is the 2017 WannaCry ransomware attack, which affected over 200,000 computers in 150 countries. The attack was carried out using an AI-powered worm that was able to spread rapidly and infect vulnerable systems.

Another example is the use of AI-powered bots to launch distributed denial of service (DDoS) attacks. DDoS attacks involve overwhelming a website or server with traffic, making it inaccessible. AI-powered bots can generate massive amounts of traffic, which can be used to take down even the most secure websites. Read about Continent 8’s experience over Christmas and World Cup 2022.

Impact of AI on Cybersecurity and How C8 Secure Use This Technology

While AI technology is making it easier for cybercriminals to launch attacks, it’s also being used to prevent them. C8 Secure’s AI-powered cybersecurity solutions, including our Cloud WAAP (Web Application and API Protection), Security Information and Event Management (SIEM) and XDR (Extended Detection and Response) solutions, can analyse vast amounts of data in real-time and identify anomalous behaviour and potential threats before they occur.

C8 Secure use AI-powered anomaly detection and security analytics in C8 Secure’s SIEM and Cloud WAAP, which can identify unusual behaviour on a network or website that could indicate a cyber attack and alert our cybersecurity experts in real-time. This technology can learn from past attacks and adapt to new threats, making it a powerful tool for cybersecurity experts. C8 Secure’s WAAP can also run vulnerability scans against the website it protects, and suggests additional rules and configuration to harden the existing protection – essentially configuring itself! This is an important feature in the world of DevOps with CI/CD (Continuous Integration and Continuous Delivery). This concept helps businesses deliver new, working features earlier and more frequently. They can do this safe in the knowledge that C8 Secure’s WAAP offers blanket protection of their website.

C8 Secure’s AI-powered XDR (Extended Endpoint Protection and Response (anti-virus on steroids)), can detect and prevent malware attacks on individual devices. Our solution can analyse patterns of behaviour on a device and identify potential threats in real-time.

Ethics and Concerns Around AI and Cybercrime

While AI technology has the potential to revolutionise cybersecurity, it also raises ethical concerns. For example, AI-powered cybersecurity solutions can be used to monitor employees and collect sensitive information about them. This raises questions about privacy and the use of personal data.

Another concern is the potential for AI-powered cyber attacks to cause widespread damage. As AI technology becomes more advanced, cybercriminals may be able to launch attacks that are more sophisticated and harder to detect. This could lead to widespread disruption and chaos. This will require cybersecurity experts to constantly adapt and develop new technologies to stay ahead of cybercriminals.

Preparing for the Future of Cybercrime

To prepare for the future of cybercrime with AI, organisations need to take a proactive approach to cybersecurity. This means investing in AI-powered cybersecurity solutions that can detect and prevent cyber threats in real-time – like C8 Secure’s WAAP, SIEM and XDR solutions.

Organisations also need to prioritise cybersecurity training for employees, as human error and compromised credentials are a common cause of cyber attacks. In fact, according to Verizon’s 2022 Data Breaches Investigations Report, human error is responsible for a massive 82% of data breaches. Therefore, companies need to include training on how to identify phishing emails, create strong passwords, and use security software effectively.

Finally, organisations need to be prepared for the worst-case scenario. This means having a plan in place for how to respond to a cyber attack, including how to recover lost data and how to communicate with stakeholders. C8 Secure’s Cloud backup service combined with the managed XDR and SIEM solution can help detect, prevent and recover from cyber attacks, including ransomware.

Conclusion

AI technology is changing the game when it comes to cybercrime. While it’s making it easier for cybercriminals to launch attacks, it’s also being used to prevent them. As AI technology becomes more advanced, we can expect to see both more sophisticated cyber attacks and more powerful cybersecurity solutions.

To stay ahead of the curve, organisations need to take cybersecurity seriously and invest in the latest AI-powered technologies. By doing so, they can protect themselves from the ever-evolving threat of cybercrime and stay ahead of cybercriminals.

Are you protected? C8 Secure has full spectrum cyber security solutions to defend your infrastructure against a growing number of threats. Contact info@c8secure.com to learn more and speak to one of our experts.

RECENT POSTS

5 Steps to Reduce Your Risk of a Ransomware Attack

23 Feb, 2023

Listening to the news, you would be correct in being concerned about the extreme levels of ransomware attacks across the world. And, more importantly, whether your company is prepared to weather such an attack.

READ MORE

Let’s Get Started

5 Steps to Reduce Your Risk of a Ransomware Attack

Listening to the news, you would be correct in being concerned about the extreme levels of ransomware attacks across the world. And, more importantly, whether your company is prepared to weather such an attack. To help address those concerns, Leon Allen, Cybersecurity Director at C8 Secure (www.c8secure.com), lists 5 key steps that companies can take to reduce their risk of a ransomware attack:

• Take Inventory “We don’t know what we don’t know”

Whilst this may sound simple, you would be very surprised to learn how organizations are directly infiltrated and exposed by simply not understanding what assets are within their enterprise. This starts from unsecured endpoints (such as laptops, switches, servers etc.) through business applications hosted in the cloud or in a data center.

To help with taking inventory, tools like asset discovery scanning and automated vulnerability scanning can be used. Furthermore, other good housekeeping measures involve reviewing your change management procedures, running a report on administrator accounts, verifying firewall rules, and validating VPN accounts.

• Define Risk “An ounce of prevention is worth a pound of cure”

It’s important to not get caught saying “I really wish I would have spent a few more security dollars”. Whilst it’s very much understood that security budgets are only typically increased following an incident, the level of threat in the world should help us all justify greater security investment.

Where you spend resources should be commensurate with your risk. If we don’t know the risks, it’s very hard to justify the application of those resources. Risks such as loss of revenue, regulatory concerns, impact to operations, your reputation, penalties, fines, contractual obligations, and data protection obligations need to be understood for your business.

Take stock of your data and cyber footprints and focus on the risks and cost to business that are applicable to you.

• Educate “To be armed is to be forewarned”

To make decisions on technical solutions that can help mitigate risk, we need to arm ourselves with an understanding of the available cybersecurity solutions out there, including how those solutions compare. This naturally leads into decisions around whether you bring this solution in-house or whether you outsource to a Managed Security Solutions Provider (MSSP).

Crucial from an education perspective, is the end users. This is still the most direct path in avoiding the proliferation of malware within your organisation. When combined with an effective security event monitoring and ransomware controls solution, providing regular security awareness training can go a long way in mitigating the likelihood of a ransomware attack.

• Plan “Security is a journey not a destination”

Far too many idioms that can be used here (and I’ll try and avoid using the classic ‘Rome’ one). Essentially, we are not going to solve every problem in a single instance. Use the risks identified in step 2 and prioritize. Tackle the list over time. It’s crucial at this stage to ensure you have security representation at a board level to ensure you have the required backing to address those risks.

• Execute

The time has come to execute your plan and start mitigating those risks. It’s critical that when you execute you are also testing, measuring, and quantifying along the way. Continually ask yourself the following questions:

• Was this investment worth it?
• Can I do this more cost effectively by outsourcing?
• Were other gaps/risks exposed?
• Was the result intended?

To keep your risks low, and returning to the adage that “security is a journey, not a destination”, it’s time to rinse and repeat steps one through five.

And remember, if you’re ever feeling overwhelmed, there are a multitude of companies out there who can help you. They would like nothing more than to have a conversation with you on how best to reduce your risk.

About the Author: As C8 Secure’s Cybersecurity Director, Leon oversees the full spectrum of security services including advanced cyber defense, applied cybersecurity solutions, and managed security services. Leon also leads the security innovation program, which discovers and delivers new and innovative cybersecurity technologies. He is a highly experienced IT professional with 17 years’ experience in the industry and holds a BEng degree in Software Engineering and a first-class Information Security Master’s Degree from City University, London.

RECENT POSTS

5 Steps to Reduce Your Risk of a Ransomware Attack

23 Feb, 2023

Listening to the news, you would be correct in being concerned about the extreme levels of ransomware attacks across the world. And, more importantly, whether your company is prepared to weather such an attack.

READ MORE

Let’s Get Started