Cyber Attackers Tunnel Into Financial Services Firms

Uploaded on 2018-06-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Vectra, a leader in AI-powered cyber attack detection and threat hunting, has announced that many global financial services organisations are targeted by sophisticated cyber attackers in an attempt to steal critical data and personally-identifiable information (PII).
 
As part of key findings, Vectra disclosed that cyber attackers build hidden tunnels to break into networks and steal critical data and personal information. These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as exfiltration, while remaining largely undetected.
 
"Cyber-attackers continue to innovate by using hidden tunnels to blend in with normal traffic, evade strong access controls, and exfiltrate financial data," said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group.
 
"The Vectra report provides insights into these attacker behaviors and details what cyber-criminals are willing to do to steal personal and private financial information."
 
According to the report, security breaches across multiple industries continue in an upward trajectory, and the financial services industry is no exception. But while financial services firms didn't experience the same volume of breaches as other industries, they still face considerable risk as lucrative targets of cyber-attackers in search of a windfall.
 
Vectra found the same type of attacker behaviors across the financial services industry as those that led to the 2017 Equifax data breach. 
 
The Equifax breach resulted in the theft of driver's license numbers, email addresses, Social Security numbers and other personal information from 145.6 million consumers, according to a company filing with the Securities and Exchange Commission. After the breach occurred, it reportedly went undetected for 78 days.
 
Information in the 2018 Spotlight Report from Vectra is based on observations and data from the 2018 RSA Conference Edition of the Attacker Behavior Industry Report. The report reveals attacker behaviors and trends in networks from 246 opt-in customers in financial services and 13 other industries.
 
From August 2017 through January 2018, the Cognito cyberattack-detection and threat-hunting platform from Vectra
monitored network traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. 
 
The analysis of this metadata provides a better understanding about attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid catastrophic data breaches.
 
"Every industry has a profile of network and user behaviors that relate to specific business models, applications and users," said Chris Morales, head of security analytics at Vectra. "Attackers will mimic and blend in with these behaviors, making them difficult to expose."
 
"What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems," Morales added. "The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data."
 
Key findings from the report include:
 
• Vectra detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined. 
• Vectra detected more than twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries combined. 
• For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to 23. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services. 
• For every 10,000 devices across all industries, two hidden tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to five. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic doubled from two per 10,000 devices to four in financial services.
 
Cognito Detect and its equally powerful AI counterpart, Cognito Recall, are the cornerstones of the Cognito platform. Cognito Detect automates the real-time detection of hidden attackers in cloud and data center workloads and user and internet-of-things devices while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting and conduct conclusive incident investigations.
 
The data in spotlight report is based on anonymised metadata from Vectra customers who have opted to share detection metrics. 
 
The Cognito platform identifies behaviors that indicate in-progress attacks by directly monitoring all traffic and relevant logs, including traffic to and from the Internet, internal traffic between network devices, and virtualised workloads in private data centers and public clouds. This analysis provides important visibility into advanced phases of attacks.

PR Newswire

You Might Also Read:

Artificial Intelligence Will Reshape Banking:

Malware Targets Online Banking:

 

 

« Cybersecurity Issues For Open Banking
What War Games Tell Us About The Use Of Cyber Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

SQA Service

SQA Service

SQA Service provide independent software and process Quality Assurance services.

Astra

Astra

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

Cyber Indemnity Solutions (CIS)

Cyber Indemnity Solutions (CIS)

CIS is an InsurTech company focused on licensing innovative cyber risk insurance solutions to the global insurance industry.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

Analygence

Analygence

ANALYGENCE is your trusted partner for mission support, cyber solutions, and management services.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.