With headlines such as "The biggest ever bank robbery" and "Worst bank hacking crime in history", the Carbanak online robbery attracted plenty of attention, particularly from executives in the financial sector.
Despite signs of new techniques being used, the Carbanak attacks bear the hallmarks of a typical cyber crime attack, including spear phishing, targeted malware, privilege escalation, keylogging, screen grabbing and extraction of valuable information onto the internet.
Many of these techniques originated more than a decade ago, and although attack methods continue to evolve, this story is raising eyebrows in the security industry. How can such activity go undetected on a bank’s critical network for months? Is technology failing or is it not being used effectively?
Cyber crime attacks by their nature can often be sophisticated, focused and relentless, requiring advanced levels of protection to combat them. However, the well-established methods used in the Carbanak attacks mean organisations should be better prepared.
In addition to good security governance and risk management, financial institutions should be reviewing their security technology capabilities and establishing how they can put them to better use.
ISF recommendations include the following:
- Get the basics right by addressing easy targets with system hardening, keeping the infrastructure up to date, restricting access and segregating critical systems
- Understand the threat by modelling attackers' techniques, performing security testing, reviewing intelligence information and monitoring online forums
- Be prepared by anticipating criminal groups' use of new tools, exploits and methods, testing incident response capabilities and maintaining a relationship with law enforcement agencies, industry regulators, media and other important parties
- Maximise technology investment by integrating existing technologies, enabling greater event logging, centralised monitoring and closer inspection of anomalies
- Strengthen protection by implementing advanced measures, such as honeypots and tarpits to detect, monitor and learn about cyber criminals
- Learn from attacks by investigating root causes and near misses to reduce the frequency and impact of attacks
Mark Chaplin is a member of the leadership team in the Information Security Forum.