Gone are the days when criminals masked their identities and busted into a bank declaring, "This is a stick up!" According to Bank Attacks 2018, published today by Positive Technologies, cybercriminals are reaping big financial gains with relatively low risk by going online to rob banks.
Analysis of information systems performed by the company for banks over the past three years found that attackers can obtain unauthorized access to financial applications at 58% of banks.
While banks are well armed against external attacks with strong perimeter protections, they remain susceptible to insider threats, according to the report. "Whether by puncturing the perimeter with social engineering, vulnerabilities in web applications, or the help of insiders, as soon as attackers access the internal network, they find friendly terrain that is secured no better than companies in other industries," Positive Technologies wrote in a press release.
Using techniques similar to those of the Cobalt gang, known for its attacks on financial institutions, penetration testers compromised the workstations used for ATM management at one-quarter (25%) of the banks tested.
The report also noted that during the reconnaissance stage, when attackers collect information about the target, many criminals search for malicious insiders on web forums. These unscrupulous insiders are willing to share company information for a fee. Stolen credentials and phishing campaigns are the most common and effective techniques criminals use to access banks because "it is both difficult and risky to organize attacks on servers or web applications, since the attackers are very likely to get caught," the report said.
Vulnerabilities in web applications leave many banks at risk. Remote access is another dangerous feature that often leaves the door open to external users. "The most common types are the SSH and Telnet protocols, which are present on the network perimeter of over half of banks, as well as protocols for file server access, found at 42 percent of banks," the report said.
"The good news is that it's possible to stop an attack and prevent loss of funds at any stage, as long as the attack is detected in time and appropriate measures are taken," said Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, in the press release.
"Attachments should be scanned in a sandbox, without depending on endpoint antivirus solutions. It's critical to receive and immediately react to alerts with the help of an in-house or contracted 24/7 security operations center. In addition, SIEM solutions substantially simplify and improve the effectiveness of incident management."