Cyber Attackers Tunnel Into Financial Services Firms

Uploaded on 2018-06-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Vectra, a leader in AI-powered cyber attack detection and threat hunting, has announced that many global financial services organisations are targeted by sophisticated cyber attackers in an attempt to steal critical data and personally-identifiable information (PII).
 
As part of key findings, Vectra disclosed that cyber attackers build hidden tunnels to break into networks and steal critical data and personal information. These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as exfiltration, while remaining largely undetected.
 
"Cyber-attackers continue to innovate by using hidden tunnels to blend in with normal traffic, evade strong access controls, and exfiltrate financial data," said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group.
 
"The Vectra report provides insights into these attacker behaviors and details what cyber-criminals are willing to do to steal personal and private financial information."
 
According to the report, security breaches across multiple industries continue in an upward trajectory, and the financial services industry is no exception. But while financial services firms didn't experience the same volume of breaches as other industries, they still face considerable risk as lucrative targets of cyber-attackers in search of a windfall.
 
Vectra found the same type of attacker behaviors across the financial services industry as those that led to the 2017 Equifax data breach. 
 
The Equifax breach resulted in the theft of driver's license numbers, email addresses, Social Security numbers and other personal information from 145.6 million consumers, according to a company filing with the Securities and Exchange Commission. After the breach occurred, it reportedly went undetected for 78 days.
 
Information in the 2018 Spotlight Report from Vectra is based on observations and data from the 2018 RSA Conference Edition of the Attacker Behavior Industry Report. The report reveals attacker behaviors and trends in networks from 246 opt-in customers in financial services and 13 other industries.
 
From August 2017 through January 2018, the Cognito cyberattack-detection and threat-hunting platform from Vectra
monitored network traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. 
 
The analysis of this metadata provides a better understanding about attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid catastrophic data breaches.
 
"Every industry has a profile of network and user behaviors that relate to specific business models, applications and users," said Chris Morales, head of security analytics at Vectra. "Attackers will mimic and blend in with these behaviors, making them difficult to expose."
 
"What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems," Morales added. "The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data."
 
Key findings from the report include:
 
• Vectra detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined. 
• Vectra detected more than twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries combined. 
• For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to 23. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services. 
• For every 10,000 devices across all industries, two hidden tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to five. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic doubled from two per 10,000 devices to four in financial services.
 
Cognito Detect and its equally powerful AI counterpart, Cognito Recall, are the cornerstones of the Cognito platform. Cognito Detect automates the real-time detection of hidden attackers in cloud and data center workloads and user and internet-of-things devices while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting and conduct conclusive incident investigations.
 
The data in spotlight report is based on anonymised metadata from Vectra customers who have opted to share detection metrics. 
 
The Cognito platform identifies behaviors that indicate in-progress attacks by directly monitoring all traffic and relevant logs, including traffic to and from the Internet, internal traffic between network devices, and virtualised workloads in private data centers and public clouds. This analysis provides important visibility into advanced phases of attacks.

PR Newswire

You Might Also Read:

Artificial Intelligence Will Reshape Banking:

Malware Targets Online Banking:

 

 

« Cybersecurity Issues For Open Banking
What War Games Tell Us About The Use Of Cyber Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

PAX Momentum

PAX Momentum

PAX Momentum is the Mid-Atlantic’s premier startup accelerator, specializing in cyber, enterprise software, telecom, CleanTech, FinTech, InsureTech, and AI.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Cyber Defense Networking Solutions (CDNS)

Cyber Defense Networking Solutions (CDNS)

CDNS is a global network infrastructure provider whose platforms are engineered for security, optimized for speed and designed for resiliency.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.