Metro Bank Hacked

UK’s Metro Bank has been attacked by a Signalling Systems Number 7 (SS7) cyber-attack and has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass SS7 attack. 

The attack, which was first discovered by Motherboard and involved hackers tracking phones remotely and intercepting messages to authorise payments from accounts. 

Other banks are understood to have also been affected by this attack and the UK National Security Centre says SS7 attacks are increasing in regularity.

The (SS7) protocol system is used by telecoms companies to coordinate how calls and texts are routed. Hackers were able to exploit flaws in SS7, a protocol used by telecoms companies to coordinate how they route calls and SMS messages around the world.

Ryan Gosling, head of partnerships and Telco at Callsign has told Retail Banker International that the hack on Metro is not surprising but there are some methods the banks should use for SS7.

 “There have been several documented cases of SS7 breaches in the past. But, due to the underlying historical weaknesses in the technology, it has been difficult to resolve the SS7 vulnerability.

“While some effort has been made by the network operators to address the problem, some SS7 messages just cannot be filtered at the network boundaries. There are some legitimate reasons to send cross-network messages e.g. to set up call roaming.

“Therefore, if hackers can infiltrate any SS7 network, they can send certain SS7 messages to their fraud target’s home network. These can be used to set up misdirection of banking verification codes.”

SS7 Attack and Possible Solutions
Gosling says the solution is three-fold. “Firstly, banks must adopt a strong and agile governance process in terms of authentication policies. They should also regularly review these policies. Thus they are fully up to date and can adjust their authentication methods as required to mitigate new threats.

“Secondly, they must employ a proactive cybersecurity research arm. In this way they can keep track of the new attacks being made on SS7 and other legacy protocols.

“The final, and most crucial means of combatting the security issues associated with SS7 is to use an intelligence engine to spot anomalous behaviour. All banks can do is gather together as many data points as possible. That is, device, call divert, SIM swap, and roaming statuses from MNOs and specialist services.

“As a result, they build up a picture of their customers. An integrated approach should correlate this data to provide a single view of the person undertaking the transaction and the environmental circumstances around that.

“A feedback loop to the intelligence engine to inform it about known fraud cases can also help it learn about bad behaviour.  And recognise that a fraudster is at work based on similar combinations of these data points in the future.”

A Metro Bank spokesman said that a "small number" of the bank's customers had been affected. She said: "At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.

“Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result. Customers should continue to remain vigilant and report any suspicious activity using the number on the back of their card or on our website.”

Metro Bank first reported the issue to authorities and apparently other businesses were affected by this cyber-attack, but they have not made public statements. 

Telegraph:          Verdict:

You Might Also Read:

Barclays Fights Off Cyber-Attacks Daily:

 

« Pentagon Cybersecurity is Falling Behind
The Biggest International Cybercime Offenders »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

National Trading Standards eCrime Team (NTSeCT)

National Trading Standards eCrime Team (NTSeCT)

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

Serverless Computing

Serverless Computing

Serverless Computing London will help architects, developers and CIOs decide on the best path to a more efficient, scalable and secure computing future.

Miratech

Miratech

Miratech is a global IT services and consulting organization offering a full range of IT infrastructure solutions and services including cyber security.

CERT Tonga

CERT Tonga

CERT Tonga is the national Computer Emergency Response Team for Tonga.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.