Banking sector under attack: are we ready for the challenge?

Pierluigi Paganini February 16, 2012

Where can I find money? At the bank, of course. This is the thought that underlies the orientation of cyber crime, which seems to have targeted the banking industry and its services. The event is not new, but the intensification of efforts in this area is troubling.

The banking sector is considered a strategic sector in every cyber strategy. In addition to cyber crime, hacktivist groups and hostile governments are now interested in banking, all operating with the intent to interrupt the provision of key services and cause damage to the main banks. It happened earlier this year, for example, when Israel was subjected to an escalation of attacks, some of which have destroyed the national banking system; on the hacktivism front, everyone remembers the organized protest actions against institutions such as PayPal in the Assange case.

What might be the main sources of concern in banking?

To provide a list of the main threats to the sector, I cite the first topics that come to my mind related to the IT security of the sector:

Malware designed to steal information from clients of web services. For years we have been witnessing exponential growth of investments and profits from the development and distribution of malware specifically designed to commit bank fraud. It is a flourishing and creative industry in considerable expansion, which has developed a wide range of services to support those who use this malware. A dense and complex underground network updates its products day by day, following the evolution of the security market and trying to anticipate its moves by observing the field. New social media are used for information sharing and for the trade itself: a real cyber crime community. As an example, recall the famous Zeus Trojan, malware designed to steal banking information by keystroke logging and form grabbing. It is spread mainly through phishing and drive-by download schemes. Consider that the several Zeus botnets are estimated to include millions of compromised computers (around 3.6 million in the United States).

New drive-by spam and phishing. The threat arrives via email: attacks that use email as a vector for spreading malware are now customary. Clicking on a link in the body of an email, or simply opening the email, starts the download of malware. Email is also used to attempt to lure people to fake bank web sites, where they are asked to re-verify their personal and bank information.

MITM attacks. A typical scenario is one in which an unsuspecting user is connected via a mobile device to his online banking. With attacks like this, the hacker stands between the user and the bank, with obvious consequences. In a public place or at home, no one is really safe; think, for example, of the recent vulnerabilities discovered in the WPS (Wi-Fi Protected Setup) protocol, which expose even a home user on his own protected network to the risk of being compromised.

DDoS, botnets and IPv6 migration. Surely the specter of a DDoS attack represents a serious threat. Such attacks cause unimaginable damage, both in terms of direct losses related to lost profits caused by the interruption of service and in terms of indirect damage to company image. If DDoS is the attack, the millions of infected PCs around the world that compose the botnets are the weapon: an offensive power that is difficult to control and that reaps new victims every day. A worse scenario would be observed with the introduction of the IPv6 protocol, a technological revolution that could open the door to powerful new attacks during the migration from the old IPv4 network protocol. DDoS attacks could be the main beneficiaries of the new network protocol, which would make available a multitude of additional IP addresses from which to launch attacks, evading defense systems unprepared for the migration.

Mobile, social networks and cloud computing: new technologies, old problems, in a scenario that is evolving in a mobile direction. Demanding this are dynamic customers who want to have all the services of traditional banking on their mobile devices. In particular, I point my finger at social networking and at technologies and paradigms such as cloud computing, powerful platforms and paradigms that promise wonders, but the risks associated with their marriage with the mobile industry are terrifying. The financial services industry is rapidly changing its attitude toward cloud computing. This is shown by research conducted by Gartner, which reports that the cloud has become a top priority for CIOs of companies in the banking and financial sector in general. In fact, 39% of respondents expect that by 2015 more than half of transactions will go through a cloud infrastructure.

Are we really ready?

As for social networks, they aren't used only for socializing; a user can also operate banking services through them: checking a balance, transferring money, getting customer service help and applying for a loan, all without leaving the social network. From a technological perspective it is possible, but do not forget that cyber crime is raising the threats on the same platforms, which means that we must increase security measures in this area.

We could discuss this for weeks, but I will not bore you … the message is:

“We must be alert, the threat is looming”

Pierluigi Paganini
