Cyber threats can be broadly categorised as either a computer network attack (CNA), aiming for the disruption, degradation or destruction of information and systems; or computer network exploitation (CNE), which focuses on accessing, stealing and exploiting information. Unfortunately, both are regularly used against the financial sector. When it comes to who is behind these attacks, they come from all corners of the web, from a lone hacktivist to a full-blown state-sponsored attack.
To get a grip on the question of what are the cyber threats faced by the financial sector, we need to explore who the potential attackers are, what they’re after and what their motives are.
Who is attacking?
MWR’s research has uncovered six different types of threat actor, each with their own methods, context and incentives, but all similar in that they are a real and very serious threat to financial institutions the world over:
Nation States – Nation states have many reasons to attack the financial sector, such as aspirations to boost their own financial centres through stolen software and data or to derail the systems of another states for political ends.
Terrorists – Terrorists are increasingly using cyber means to reach their goals – Al-Qaeda has called for e-jihad in the past while ISIS are attempting to recruit hackers through social media.
Hacktivists – Hacktivists’ political motives vary, but all use cyber attacks to express opposition to institutions and policy.
Well-placed individuals – Current or former employees with insight into systems and information, or contractors managing IT, could inflict high-impact damage.
Organised crime – A major source of financially-incentivised cyber attacks, organised crime is actively pursuing the low-risk yet high yield potential of cyber crime.
Competitors – Competitors engage in cyber operations motivated by economic advantage, either directly through in-house capability, or more often through intermediary actors such as criminal hackers for hire, or nation states supporting their industry.
How will they attack?
Cyber attacks can be highly specialised and bespoke, however, the majority of hostile actors opt simply for the most time- and cost-effective methods of compromise:
Computer network attack – The most common CNA is a distributed denial-of-service (DDoS) attack, which involves overwhelming online and Internet-connected services with large volumes of traffic, thus compromising availability. The attack stems from varied, often geographically disparate sources, usually compromised computers. This provides both a force multiplier and a veil to obscure the attacker’s identity; it could even implicate an innocent party.
Computer network exploitation – Social engineering is a common aspect of CNE, whereby sophisticated attackers use highly targeted phishing attacks as opposed to attacks where emails are sent to thousands of random users. Spear phishing is extremely effective, as specific details relating to the recipient’s work or personal life might be included, making the email far more believable. Alternatively, the attacker might use watering holes, where websites regularly visited by targeted individuals are compromised and infected with malware for the targets to unwittingly download.
Here’s a list of five key conditions that, together, will help financial organisations defend against attacks:
1. A good understanding of the motives of the attacking groups likely to target them.
2. Undertake an extensive programme to identify information assets.
3. Instigate an extensive project that identifies all the attack paths connected to these assets.
4. Justify the cost of removing these attack paths, and/or consolidating the assets to reduce the attack surface area.
5. Augment their attack monitoring and response, so that attacks can be efficiently curtailed in the early phases.
Organisations need to be aware of the various threats that face them, and accept that their part in society places them in the firing line. An up-to-date threat picture and a risk management strategy that is flexible to this dynamic risk are essential.
For more information, contact MWR South Africa, +27 (0)10 100 3159, [email protected], www.mwrinfosecurity.com
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version