As we explained in our “Survival Guide for Million-Dollar Cyberattacks”, cyberheists are evolving at breakneck speed. For financial institutions, this is obviously a major concern. These institutions are coming up against ever more sophisticated malware and very well coordinated, and, in short, completely professionalized targeted attacks. In fact, according to the Verizon Data Breach Report 2016, the financial industry ranks number one in security incidents with confirmed data loss. Not only are they frequently targeted, but there is also a high success rate.

Although it’s still necessary to maintain an iron grip on clients’ personal data, the real security challenge for banking entities is in protecting the company’s own data. This latter has become the primary target of attackers. Cybercriminals are aware that the risk is greater. But the time and effort that goes into planning and executing the attack has the potential of raking in much bigger profits.

What can financial institutions learn from past cyberheists?

In February of 2016, the Central Bank of Bangladesh suffered a cyberattack carried out using malware created specifically for the heist. The malware attempted to make fraudulent transfers from the Bangladesh Bank account held at the Federal Reserve Bank of New York. The majority of these transfers were eventually blocked, but the attackers managed to make off with 81 million dollars. The attack on the Tien Phon Bank in Vietnam at the end of 2015 or the Austro Bank in early 2015 (where criminals were able to take over 9 millions of dollars) are other examples that come to mind.

These attacks and others like them bring up a very important question: is it possible to combat malware that we know practically nothing about? In fact, this question has an answer, and the answer is yes, with advanced security tools it is possible. These tools need to have predictive capabilities that detect anomalous behavior patterns and trigger an alarm before the attack actually has the chance to take place.

The most common tactics and how to prevent them

Here are some of the most common tactics used in carrying out a cyberheist:

Phishing: With financial institutions, it makes sense that attacks are targeted (directly or indirectly) at employees with access to the entity’s finances.

Banking Trojans: Hackers make use of these to control the computers of key employees within the target organization and access their data, credentials, permissions, etc.

Keyloggers: Another gateway to passwords and credentials that lead directly to the core of financial institutions.

Attacks against the SWIFT system: the most sophisticated type of attack, and one capable of generating the highest economic losses. The SWIFT platform is used by most financial institutions worldwide to perform bank transfers. The latest cyberheists have all taken advantage of vulnerabilities in this platform to access the banking institutions.

But what can financial institutions do to prevent such attacks?

Knowledge is power: it is crucial to have advanced security tools that provide unlimited visibility of everything that happens on your network, including running processes and data exchanged in those processes. Full control of the security perimeter is the only way to instantly predict and detect anomalous behaviors and neutralize attacks before they occur.

Use ENR tools to secure endpoints. In line with the previous point, ENR tools provide a complete overview of the behavior of endpoints, which are often the access route for attackers, as they are considered to be more vulnerable. These solutions take advantage of total visibility of everything that happens within the perimeter to anticipate new threats or respond to attacks taking place.

Advanced security tools that classify data: in addition to ensuring compliance with current regulations on data protection, having tools that correctly classify the company’s data is also a matter of protection. This classification prevents external cloud services from accessing critical data (for example, credentials), while allowing for the safe passage of customer data necessary for providing them service.