Metro Bank Hacked

Uploaded on 2019-02-06 in FREE TO VIEW, BUSINESS-Services-Financial, NEWS-Cybersecurity News

UK’s Metro Bank has been attacked by a Signalling Systems Number 7 (SS7) cyber-attack and has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass SS7 attack. 

The attack, which was first discovered by Motherboard and involved hackers tracking phones remotely and intercepting messages to authorise payments from accounts. 

Other banks are understood to have also been affected by this attack and the UK National Security Centre says SS7 attacks are increasing in regularity.

The (SS7) protocol system is used by telecoms companies to coordinate how calls and texts are routed. Hackers were able to exploit flaws in SS7, a protocol used by telecoms companies to coordinate how they route calls and SMS messages around the world.

Ryan Gosling, head of partnerships and Telco at Callsign has told Retail Banker International that the hack on Metro is not surprising but there are some methods the banks should use for SS7.

 “There have been several documented cases of SS7 breaches in the past. But, due to the underlying historical weaknesses in the technology, it has been difficult to resolve the SS7 vulnerability.

“While some effort has been made by the network operators to address the problem, some SS7 messages just cannot be filtered at the network boundaries. There are some legitimate reasons to send cross-network messages e.g. to set up call roaming.

“Therefore, if hackers can infiltrate any SS7 network, they can send certain SS7 messages to their fraud target’s home network. These can be used to set up misdirection of banking verification codes.”

SS7 Attack and Possible Solutions
Gosling says the solution is three-fold. “Firstly, banks must adopt a strong and agile governance process in terms of authentication policies. They should also regularly review these policies. Thus they are fully up to date and can adjust their authentication methods as required to mitigate new threats.

“Secondly, they must employ a proactive cybersecurity research arm. In this way they can keep track of the new attacks being made on SS7 and other legacy protocols.

“The final, and most crucial means of combatting the security issues associated with SS7 is to use an intelligence engine to spot anomalous behaviour. All banks can do is gather together as many data points as possible. That is, device, call divert, SIM swap, and roaming statuses from MNOs and specialist services.

“As a result, they build up a picture of their customers. An integrated approach should correlate this data to provide a single view of the person undertaking the transaction and the environmental circumstances around that.

“A feedback loop to the intelligence engine to inform it about known fraud cases can also help it learn about bad behaviour.  And recognise that a fraudster is at work based on similar combinations of these data points in the future.”

A Metro Bank spokesman said that a "small number" of the bank's customers had been affected. She said: "At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.

“Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result. Customers should continue to remain vigilant and report any suspicious activity using the number on the back of their card or on our website.”

Metro Bank first reported the issue to authorities and apparently other businesses were affected by this cyber-attack, but they have not made public statements. 

Telegraph:          Verdict:

You Might Also Read:

Barclays Fights Off Cyber-Attacks Daily:

 

« Pentagon Cybersecurity is Falling Behind
The Biggest International Cybercime Offenders »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

VicOne

VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry.

Mindsprint

Mindsprint

Mindsprint (formerly Olam Technology and Business Services - OTBS) are a leading edge technology and business services firm.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

SoConnect

SoConnect

SoConnect provides safe, secured, and taken care of IT, with infrastructure built around you and your business.

Runtime Ventures

Runtime Ventures

Runtime Ventures focuses on seed and pre-seed stage cybersecurity investments. We love to work with ambitious founders building the future of the secure enterprise.

Office of Cyber Security and Information Assurance (OCSIA) - Isle of Man

Office of Cyber Security and Information Assurance (OCSIA) - Isle of Man

OCSIA acts as the focal point in developing the Isle of Man’s cyber resilience, working in partnership with private and third sector organisations across the Island alongside the wider population.