Banking Industry Comes under Malware Assault

There’s a natural perception that banking institutions such as the Federal Reserve would be as well defended from a cybersecurity perspective as they are from every day bank robbers. But it turns out the U.S. Federal Reserve was forced to admit this week that is has detected more than 50 cyber breaches between 2011 and 2015, with several of those incidents attributed to "espionage.”

Of course, this isn’t the only high profile breach involving the banking industry of late. Hackers have increasingly targeted SWIFT, a worldwide network for financial transactions managed by a consortium of financial institutions based in Brussels. Meanwhile, in Russia a cybercriminal gang responsible for stealing $25 million was recently exposed.

Even the lowly automated teller machine (ATM) isn’t safe. It’s been discovered in Japan that hackers were able to steal nearly $13 million from Japanese ATM machines within two hours.

Naturally, just like traditional bank robbers the reason hackers are targeting banks is because that’s where the money is. While all this cybercriminal activity hasn’t yet reached the point where it’s crippling the banking industry, the losses are starting to mount. The real issue facing the banking industry today is how often these attacks are to replicate. In fact, the Federal Bureau of Investigation says it has identified 900 criminal forums on the so-called “Dark Web” through which cybercriminals are exchanging ways to compromise systems. Worse yet, it’s now also clear that many of the cyberattacks being launched across the banking industry are too one degree or another state sponsored.

Truthfully, however, not all of these attacks are news. In the name of protecting their reputations for trust, many banks have been minimizing the impact cybersecurity attacks have been having on their bottom lines for years. Whether it’s outright fraud or the unauthorized transfer of funds, it’s clear that billions of dollars have already been misappropriated.

[clickToTweet tweet="The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, many attributed to 'espionage.”" quote="The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, many attributed to 'espionage.”"]

Most of those attacks, however, have been focused on “high value” targets. But as those rich targets continue to improve their IT security defenses, it’s only a matter of time before cybercriminals start looking for softer targets. As far as a cybercriminal is concerned, a simple savings and loan association is little more than a potential gateway to a broad range of international financial networks. And should it be deemed that the local bank didn’t do enough to prevent that breach from occurring in the first place, all the fines and lawsuit settlements stemming from that breach are going to be more than enough to put that organization permanently out of business.

Unfortunately, far too many senior business executives still don’t recognize the true scope of the threat. Many of them assume their organization is too small to become the target of a major cybersecurity infiltration. Worse case in their minds, some hacker will make use of ransomware to force them to pay a fee to get the encryption keys needed to restore their data. In reality, cybercriminals now clearly see that smaller financial institutions represent the weakest link in a chain of related financial services that are riper now for the picking than ever.

---

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.

Connect with Mike on LinkedIn, Twitter, and Google+.