Financial institutions at risk of cyber-attacks - report

FINANCIAL institutions worldwide including those in the country have been implored to be extremely cautious of the growing cyber-attacks that put them at great risk this year than before.

 

The report further cautions that a slight mistake could cause great cash loss to the financial institutions like what happened to a Bangladesh Bank Central Bank. The Sophos report indicates that financial infrastructure is at greater risk of attack. 

 

“The use of targeted phishing and ‘whaling’ continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts.

“We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFTconnected institutions which cost the Bangladesh Central Bank $81 million in February,” reveals the report.

The caution comes in following a Cybersecurity giant Sophos report published recently shows that the attacks are expected to increase this year.

Expounding further, the report indicates that the year 2016 saw a huge number and variety of cyber-attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election, according to a report by a Cybersecurity giant Sophos.

The Sophos report shows that they also saw a rising tide of data breaches from big organisations and small and significant losses of people’s personal information. “Since the year 2016 is over, we’re pondering how some of those trends might play out in 2017,” it notes.

The report indicates that the current and emerging attack trends include the destructive DDoS IOT attack which is expected to rise. “In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices.

Mirai’s attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques,” part of the report indicates.

However, the report claims that cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities.

“Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network,” it notes. It shows there is a shift from exploitation to targeted social attacks.

“Cybercriminals are getting better at exploiting the ultimate vulnerability - humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves.

For example, it’s common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect,” explains part of the report.

It further states that shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics, saying that the email directs them to a malicious link that users are panicked into clicking on, opening them up to attack.

“Such phishing attacks can no longer be recognised by obvious mistakes,” it states. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks, stating that the threat is very persistent, adaptive and sophisticated – and it is here to stay.

The Sophos report notes that there is increasing exploitation of the Internet’s inherently insecure infrastructure. All Internet users rely on ancient foundational protocols and their ubiquity makes them nearly impossible to revamp or replace.

These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky.