A recent report about the hacking of financial services organisations reveals an industry that is almost under siege. According to the survey, during 2013 about 1,400 financial institutions were targeted across 88 countries.
During the first 9 months of 2013 the number of Trojans targeted at banks grew by three times compared to the same period the previous year. Somewhat obviously, the report’s authors also say concerted cyber crime directed at banks was first noted when online banking started becoming mainstream, about 10 years ago.
The decline of bank robberies
It’s interesting to note that traditional ‘stick-em-up’ bank robberies have also declined over the past two decades by about 90% according to the British Bankers Association. Clearly dyed bank notes, CCTV and a general beefing up of security have pushed the villains to the relative safety of online hacking.
To get a sense of the scale of the criminal underworld activity in online fraud you simply just have to dive into the deep web and view what’s on offer, from stolen credit/debit card details to live PayPal accounts and a whole lot more.
Banks do all sorts of things to ensure security especially in the online arena, some of which you’ll hear about, some of which you won’t. Dotted across the countryside in the UK and other countries, there are any number of architecturally bland, anonymous looking buildings designed to protect banking networks.
Hidden bunkers and lead-lined walls
They have lead-lined walls to shield them from hackers attempting to pick up wireless transmission and inside you’ll find levels of security that at the very least require eyeball recognition to enter the inner domain. Once inside, you’ll find large semi-darkened rooms with one wall lined with enormous screens and in front of them, a group or people watching the screens and every now and then hunkering over a keyboard and tapping furiously.
The screens show breaches that are happening in a company network, whether they’re deliberate or accidental following some unpredictable confluence of user behaviour. In simple terms, the holes are plugged as soon as they are seen.
However, according to the European Network and Information Security Agency (ENISA) it’s the end user that is the weak link, that is, you and I. ENISA is the European Union’s cyber security hub which advises on best practice, deterrence and so on. Not so long ago it told financial services organisations across the EU that they should adopt security measures that assumes that user devices are compromised.
Hacking banks in 2013
The organisations attacked during 2013 represent every flavour of financial services from credit unions and retail banks to investment banks and stockbrokers. The favoured method is to plant a Trojan on a user’s machine and then access the data to mine information. The user is often duped into executing the Trojan by downloading an attachment that is disguised as something that is every day. A Trojan often acts as backdoor contacting a controller who then has access to the computer.
Ironically, it’s relatively easy to protect against Trojans by ensuring you have good antivirus software that not only regularly updates new virus signatures but can also detect anomalous behaviour on a computer. As we move into 2014, as the report illustrates and ENISA implies, we’re all going to need much more awareness about the importance of protecting our online lives.