Cyber threats faced by the financial sector

May 2016 Editor's Choice, Information Security

Cyber threats can be broadly categorised as either a computer network attack (CNA), aiming for the disruption, degradation or destruction of information and systems; or computer network exploitation (CNE), which focuses on accessing, stealing and exploiting information. Unfortunately, both are regularly used against the financial sector. When it comes to who is behind these attacks, they come from all corners of the web, from a lone hacktivist to a full-blown state-sponsored attack.

To get a grip on the question of what are the cyber threats faced by the financial sector, we need to explore who the potential attackers are, what they’re after and what their motives are.

Who is attacking?

MWR’s research has uncovered six different types of threat actor, each with their own methods, context and incentives, but all similar in that they are a real and very serious threat to financial institutions the world over:

Nation States – Nation states have many reasons to attack the financial sector, such as aspirations to boost their own financial centres through stolen software and data or to derail the systems of another states for political ends.

Terrorists – Terrorists are increasingly using cyber means to reach their goals – Al-Qaeda has called for e-jihad in the past while ISIS are attempting to recruit hackers through social media.

Hacktivists – Hacktivists’ political motives vary, but all use cyber attacks to express opposition to institutions and policy.

Well-placed individuals – Current or former employees with insight into systems and information, or contractors managing IT, could inflict high-impact damage.

Organised crime – A major source of financially-incentivised cyber attacks, organised crime is actively pursuing the low-risk yet high yield potential of cyber crime.

Competitors – Competitors engage in cyber operations motivated by economic advantage, either directly through in-house capability, or more often through intermediary actors such as criminal hackers for hire, or nation states supporting their industry.

How will they attack?

Cyber attacks can be highly specialised and bespoke, however, the majority of hostile actors opt simply for the most time- and cost-effective methods of compromise:

Computer network attack – The most common CNA is a distributed denial-of-service (DDoS) attack, which involves overwhelming online and Internet-connected services with large volumes of traffic, thus compromising availability. The attack stems from varied, often geographically disparate sources, usually compromised computers. This provides both a force multiplier and a veil to obscure the attacker’s identity; it could even implicate an innocent party.

Computer network exploitation – Social engineering is a common aspect of CNE, whereby sophisticated attackers use highly targeted phishing attacks as opposed to attacks where emails are sent to thousands of random users. Spear phishing is extremely effective, as specific details relating to the recipient’s work or personal life might be included, making the email far more believable. Alternatively, the attacker might use watering holes, where websites regularly visited by targeted individuals are compromised and infected with malware for the targets to unwittingly download.

Here’s a list of five key conditions that, together, will help financial organisations defend against attacks:

1. A good understanding of the motives of the attacking groups likely to target them.

2. Undertake an extensive programme to identify information assets.

3. Instigate an extensive project that identifies all the attack paths connected to these assets.

4. Justify the cost of removing these attack paths, and/or consolidating the assets to reduce the attack surface area.

5. Augment their attack monitoring and response, so that attacks can be efficiently curtailed in the early phases.

Organisations need to be aware of the various threats that face them, and accept that their part in society places them in the firing line. An up-to-date threat picture and a risk management strategy that is flexible to this dynamic risk are essential.

For more information, contact MWR South Africa, +27 (0)10 100 3159, harry.grobbelaar@mwrinfosecurity.com, www.mwrinfosecurity.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Read more...
Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

Read more...
All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Read more...
Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Read more...
Global strength, local craft
Impro Technologies Editor's Choice
Impro Technologies is a resounding success story. Started in South Africa, the company remains true to its roots and still designs and manufactures its access control systems and solutions in the country.

Read more...
Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.

Read more...
SA enterprises can benefit from AI-driven cybersecurity
AI & Data Analytics Information Security
Cybercrime is big business, and threat actors deploy cutting-edge tools to carry out attacks. Fortunately, cybersecurity is constantly evolving to meet and counter the threats they face.

Read more...
South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.

Read more...
Africa Online Safety Fund announces grant winners
News & Events Information Security
The Africa Online Safety Fund (AOSF) has announced the winners of this year’s grants; among them are five organisations operating in South Africa to educate people about online risks.

Read more...
Service orientation and attention to detail
Technews Publishing Editor's Choice Risk Management & Resilience
Lianne Mc Hendry evolved from working for an accounting firm to an accomplished all-rounder familiar with the manufacturing, distribution, and system integration aspects of the security industry value chain.

Read more...