High Risk: What Alert Means to Banks

Cyberattacks Demand Increased Monitoring, Layered Controls

By , September 21, 2012.
High Risk: What Alert Means to Banks

The Financial Services Information Sharing and Analysis Center's decision this week to increase the U.S. banking industry's cyberthreat level from "elevated" to "high" is overdue, experts say.

See Also: More Threat Vectors, More Security & Compliance Challenges

In light of increasing cyber risks, banking institutions should up their investments in anomaly detection, be mindful of nefarious fraud schemes that could be veiled by distributed denial of service attacks and regularly scan their systems for zero-day exploits.

DDoS attacks and increasing concerns about zero-day exploits likely spurred the FS-ISAC's action this week. But Doug Johnson, vice president of risk management policy for the American Bankers Association and a member of FS-ISAC, says the FS-ISAC's decision to up the threat level was appropriate, given recent changes to the current environment.

This week's action marks the first time FS-ISAC has categorized the threat level for cyber risks as "high," Johnson says.

Julie McNelley, a financial fraud analyst at the consulting firm Aite, says the cyberthreat level, now at the second-highest ranking, shouldn't drop back to "elevated" anytime soon.

"We've seen the threats against the financial system do nothing but escalate over the last few years, and there is every reason to believe that they will continue to do so," she says. "When you have 111,111 unique new strains of malware being deployed per day, 50 percent of which are Trojans designed to capture online [banking] credentials, and 10,000 malicious new domains being deployed per day, I'd say the threat level has been 'high' for quite some time."

Addressing the Threats

Security experts say banking institutions should take several steps to address emerging risks. Among their recommendations:

  • Ensure appropriate layers of security are in place to detect zero-day vulnerabilities;
  • When a DDoS attack strikes, look for attempted fraud , such as account takeover schemes, that could be lurking behind-the-scenes. "Institutions need to know that DDoS attacks may be used simply as a redirection tool - to take an institution's eye off the big fraud," Johnson says.
  • Increase anomaly detection, to pick up on suspicious site traffic and transaction activity;
  • Educate branch staff about emerging threats, such as those posed by phishing;
  • Ensure all software and anti-virus updates are occurring on a regular basis;
  • Communicate with other banking institutions and industry associations to stay abreast of emerging fraud trends and schemes.

Bank Employees Targeted

The threat-level change came just two days after the Federal Bureau of Investigation, FS-ISAC and the Internet Crime Complaint Center issued a fraud alert about cyberschemes, including DDoS, being used by cyberfraudsters to initiate fraudulent funds transfers and hijack sensitive information (see Alert: Banks at High Risk of Attack).

Among the concerns noted in the alert were increases in the number of phishing schemes targeting branch staff. The goal: to hijack administrative credentials for access to sensitive financial data and online bank accounts. In recent fraud incidents investigated by the FBI, bank and credit union employee credentials were used to schedule fraudulent funds transfers from customer and member accounts. Rather than targeting end-users, fraudsters have found more reward by aiming their attacks directly at branch employees who have access to numerous accounts, federal investigators noted.

Now, the threat level update the FS-ISAC pushed out to U.S. institutions Sept. 19 adds heightened concerns about DDoS attacks and hacks that exploit zero-day vulnerabilities in Internet Explorer. "Members should maintain a heightened level of awareness, apply all appropriate updates and update AV [anti-virus] and IDS/IPS [intrusion detection/intrusion prevention] signatures, and ensure constant diligence in monitoring and quick response to any malicious events," the threat-level update states.

Recent Events

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Cybersecurity - the New Agenda

The threat landscape has changed dramatically, and so must organizations' approach to...

Latest Tweets and Mentions

ARTICLE Cybersecurity - the New Agenda

The threat landscape has changed dramatically, and so must organizations' approach to...

The ISMG Network