Banks Take Action After Alert, Attacks

Institutions Say Layered Security Controls are Critical

By , October 8, 2012.
It's been nearly three weeks since the Financial Services Information Sharing and Analysis Center issued its warning about new online threats facing U.S. banking institutions (see High Risk: What Alert Means to Banks).

In the wake of that alert, which came just days before the FS-ISAC raised its cyberthreat level to "high" for the first time, and of a series of denial-of-service attacks against five of the nation's leading banks, executives at financial institutions across the country say they are taking action, including:

  • Upping technical investments in fraud detection and network and perimeter security;
  • Reviewing disaster recovery plans and employee training strategies; and
  • Embracing the need for ongoing discussions with vendors, service providers and law enforcement about emerging schemes and cyberthreats.

"The real way to have control over cyberthreats is for us to be prepared and be proactive," says one executive with a $2.5 billion institution, who asked not to be named. "Keep identifying the new threats and finding the right solution to mitigate the risks."

Executives at several institutions - all but one of whom requested anonymity - shared with BankInfoSecurity their actions in the wake of the alert and the attacks. Banks and credit unions, they say, must have layers of security that include technical and administrative components.

'Credible Intelligence'

FS-ISAC on Sept. 19 raised its threat level from "elevated" to "high," telling institutions they should be on the lookout for hacking schemes that rely on spam, phishing, keyloggers and remote-access Trojans to attack and compromise networks and intercept employee login credentials. Just one day before that status elevation, Bank of America's online-banking site and website took a hit from a DDoS attack backed by an alleged hacktivist group based in the Middle East. The attack against BofA was the first in a series of attacks aimed at leading U.S. banks (see Alert: Banks at High Risk of Attack).

The FS-ISAC said it raised its threat level because of "credible intelligence" about the potential for DDoS and other attacks against U.S. institutions. In the alert, the FS-ISAC, along with the Federal Bureau of Investigation and the Crime Complaint Center, lists 17 tips banks and credit unions should follow to mitigate their risk of fraud linked to DDoS and other attacks.

Ongoing Risk Assessments

So, how have financial institutions responded to these incidents and the alert?

The executive at the $2.5 billion institution says the primary focus has been on technical solutions. "When we learned that other banks were under attack, we immediately looked at our own protection levels and what we might need to do to prevent it from happening to us."

Over the last several weeks, the emphasis has been on keeping up with evolving cyberthreats, the executive adds.

"We have circulated this alert [from FS-ISAC] internally and reviewed the issues and recommendations mentioned," the executive says. "We tried to identify any gaps between what the agencies recommended and what we have put in place to mitigate the risks related to the issues. I believe we are in good shape."

Pointing to security recommendations outlined in the FFIEC's Updated Authentication Guidance, the executive says, "We frequently review our existing layered defense mechanisms to make sure they are able to take on the new challenges."

A year ago, the executive's institution launched an intrusion protection system from security vendor Corero. After the recent wave of attacks, the institution determined the system had detected and stopped more than 418,000 DDoS attempts or rate-based attacks in the last two months.

"I believe the primary purpose of DDoS is to cripple the targeted Web services ... not to steal the information," the executive adds. "Regardless, the IPS certainly acts as an effective layer, which detects malware and any anomalies in network activities. Of course, we have put in many other layered protections, such as end-point protection and a Web security gateway."

Information Sharing

Follow Tracy Kitten on Twitter: @FraudBlogger
