The financial sector is more concerned with information security than other sectors. Regulators are constantly putting forward new requirements, fines for leaks are increasing, and fraud schemes are becoming more complex. All this forces banks to take the initiative and improve their security systems.
But despite these efforts, there are a lot of security incidents: according to SearchInform, in the first half of 2017, 24% of financial and credit companies faced data breaches. Takeaway message: the race to tighten up protection will continue forever, and threats will dictate the direction in which protective measures develop. Here are the main ones.
THREATS FROM OUTSIDE
1. TARGETED ATTACKS
They require serious and lengthy preparation from fraudsters, but they happen more and more often because it is more profitable to attack banks than individual clients. In 2013, two hacker groups (Corkow and Anunak) were known to Russian banks; by 2016, MoneyTaker, Buhtrap, Cobalt, and Lurk were already being mentioned in news reports about leaks.
Targeted attacks usually involve fraudsters penetrating the banking IT infrastructure using social engineering methods. Attackers study their victims and mimic the companies with which the victims usually come into contact. The goal is to obtain the necessary data or infect a computer in order to penetrate a particular system.
A striking example of social engineering was the attack in March 2016, when hackers sent emails with a malicious attachment to employees of different banks in the name of the FinCert structure of the Central Bank of the Russian Federation. The sender's address, the domain to which the letter referred, and even the digital code of the attached file were very similar to the real ones, so many bank employees downloaded the file with a virus, thereby compromising the system.
According to statistics, scammers need 24 hours from the start of the attack to seize administrator rights.
2. ATTACKS ON BANKS THROUGH THEIR PARTNERS
Auditors, lawyers, and other parties cooperate with banks and hold their information. Hacking a partner is easier than hacking the bank itself, and fraudsters exploit this. They create copy sites, infect them with a virus, and invite bank employees to go to the partner's usual site; as soon as this happens, the hacker gains access to the corporate network.
Such a fraud is much easier to prepare: viruses for outdated standard systems can be downloaded for free on the Internet, and those for newer ones cost no more than $50,000. Besides, the hacking of a banking partner can go unnoticed as long as the bank is focused on securing its own infrastructure.
3. ANDROID TROJANS
Most often, they are disguised as useful links and automatically infect the victim's phone or tablet. After the victim clicks on the link, the malware activates and collects data for the fraudsters, for example, the information needed to withdraw funds from an account. Usually, the process takes place in the background, so there is a high probability that the victim will discover something amiss only after the money is debited.
In addition to targeted delivery, Trojans can be downloaded automatically together with other programs, for example, a mobile flashlight app. In this case, the applications ask for extended rights, and people tend to grant them without looking. After that, the history of calls and messages, files on the phone and in cloud storage, access to banking applications, and the victim's location data are exposed to the attacker.
4. ATTACKS ON ABS AND ATMS
Fraudsters break into ATMs either mechanically or by interfering with the internal network. In the first case, the robbers use an external medium to infect the central module of the ATM, or install an additional device in a break in the line. Penetration into the "brain" of the system allows the attacker to control the banknote dispenser at the electronic level. An accomplice can then simply hold a bag under the ATM dispenser.
There are more and more precedents of attacks on ABS and ATMs. According to the experts' forecast, if prompt measures are not taken, bank losses from such fraud will exceed 323 million dollars.
Alas, external fraudsters are not the only ones who can compromise banking sector companies. Financial institutions employ people who have access to confidential data and, sometimes, a desire to take revenge, earn additional income, or gain other benefits.
Among the most common internal bank fraud schemes:
1. TAKING OUT A LOAN FOR A CLIENT WITHOUT HIS KNOWLEDGE
Having the personal data of clients who have been approved for a loan, bank employees can easily arrange loans in the victims' names and receive the money. Another fraudulent scheme is to tell clients whose loan application has been approved that the bank has refused to issue the funds, and then embezzle the money.
2. TRANSFER OF CLIENT MONEY TO FRAUDSTERS' ACCOUNTS
This is also a popular fraud in banking. Scams like these can be detected quickly if an attentive client asks questions. But there are cases when victims pay someone else's debts.
3. FORGING BORROWER DATA WHEN APPLYING FOR A LOAN, OR APPROVING THE APPLICATION WITHOUT LOOKING
In many banks, the number of originated loans affects the salaries of specialists: it is in their interests to conclude as many contracts as possible. As a result, bank employees hide the borrower's low income, lack of a residence permit, or informal employment. Sometimes the client himself suggests committing fraud and falsifying information, promising the bank employee a monetary reward.
The SearchInform client exposed a fraudulent scheme:
4. LEAKING CONFIDENTIAL INFORMATION FOR DECEPTIVE PURPOSES
According to SearchInform research, in the first half of 2017, 73% of financial institutions faced attempts by their employees to steal information. People do this for different reasons: some out of revenge, others out of a desire to become rich.
A manager at one of the leading banks in the world did not achieve the promotion he wanted. As a result, he wanted to sell data about the bank's near-term plans from a meeting. If such information had got into the press, the bank would have suffered considerable financial and reputational losses. However, monitoring of the employee, who was in the risk group, and preventive work stopped the incident.
According to statistics, information about clients and transactions is the most in demand among banking insiders. In the first half of 2017, 33% of banks faced leaks or attempts to steal this data. Employees took the databases with them when leaving for a new place of work, or sold them for a lot of money.
A case from a SearchInform client:
Wanting to get justice or get rich at the expense of others, people resort to old ways of cheating and new schemes of deception. To counter employee misconduct effectively, banks need to be proactive: rather than closing infrastructure gaps after an incident, they should prevent it.
To do this, market participants need to exchange experience, which is unusual for the closed community of information security specialists.