Metro Bank Hacked

UK’s Metro Bank has been attacked by a Signalling Systems Number 7 (SS7) cyber-attack and has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass SS7 attack. 

The attack, which was first discovered by Motherboard and involved hackers tracking phones remotely and intercepting messages to authorise payments from accounts. 

Other banks are understood to have also been affected by this attack and the UK National Security Centre says SS7 attacks are increasing in regularity.

The (SS7) protocol system is used by telecoms companies to coordinate how calls and texts are routed. Hackers were able to exploit flaws in SS7, a protocol used by telecoms companies to coordinate how they route calls and SMS messages around the world.

Ryan Gosling, head of partnerships and Telco at Callsign has told Retail Banker International that the hack on Metro is not surprising but there are some methods the banks should use for SS7.

 “There have been several documented cases of SS7 breaches in the past. But, due to the underlying historical weaknesses in the technology, it has been difficult to resolve the SS7 vulnerability.

“While some effort has been made by the network operators to address the problem, some SS7 messages just cannot be filtered at the network boundaries. There are some legitimate reasons to send cross-network messages e.g. to set up call roaming.

“Therefore, if hackers can infiltrate any SS7 network, they can send certain SS7 messages to their fraud target’s home network. These can be used to set up misdirection of banking verification codes.”

SS7 Attack and Possible Solutions
Gosling says the solution is three-fold. “Firstly, banks must adopt a strong and agile governance process in terms of authentication policies. They should also regularly review these policies. Thus they are fully up to date and can adjust their authentication methods as required to mitigate new threats.

“Secondly, they must employ a proactive cybersecurity research arm. In this way they can keep track of the new attacks being made on SS7 and other legacy protocols.

“The final, and most crucial means of combatting the security issues associated with SS7 is to use an intelligence engine to spot anomalous behaviour. All banks can do is gather together as many data points as possible. That is, device, call divert, SIM swap, and roaming statuses from MNOs and specialist services.

“As a result, they build up a picture of their customers. An integrated approach should correlate this data to provide a single view of the person undertaking the transaction and the environmental circumstances around that.

“A feedback loop to the intelligence engine to inform it about known fraud cases can also help it learn about bad behaviour.  And recognise that a fraudster is at work based on similar combinations of these data points in the future.”

A Metro Bank spokesman said that a "small number" of the bank's customers had been affected. She said: "At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.

“Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result. Customers should continue to remain vigilant and report any suspicious activity using the number on the back of their card or on our website.”

Metro Bank first reported the issue to authorities and apparently other businesses were affected by this cyber-attack, but they have not made public statements. 

Telegraph:          Verdict:

You Might Also Read:

Barclays Fights Off Cyber-Attacks Daily:

 

« Pentagon Cybersecurity is Falling Behind
The Biggest International Cybercime Offenders »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Biscom

Biscom

Biscom offers solutions for secure file transfer, synchronization, file translation, and mobile devices, designed to deliver mission-critical reliability, streamline workflows and reduce costs.

Crossword Cybersecurity

Crossword Cybersecurity

We work with research intensive European university partners to identify promising cyber security intellectual property from research that meets emerging real-world challenges.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

ReasonLabs

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.

Cyborg Security

Cyborg Security

Cyborg Security is a team of threat hunters, threat intelligence analysts, and security researchers from across North America.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.