Banks and financial institutions across the world have lost millions of dollars since 2015 due to cybercrime, with one of the primary targets being the SWIFT wire transfer system.
To combat this crisis, SWIFT has presented new guidance for financial institutions to help them maintain proper security standards and ensure criminals cannot gain unauthorized access to financial systems.
Banks are commonly targeted by cybercriminals. In addition to constant phishing threats, banks deal with security issues regarding legacy browsers, operating systems, and applications. The dependence on legacy technology often allows attackers to easily gain access to valuable assets.
Cyber-attackers used these legacy applications, phishing, and other techniques to gain access to multiple banks across the world, allowing them to successfully steal hundreds of millions of dollars. The cyber-attackers were extremely careful and patient, monitoring the individual banks’ environments for months, which allowed them to harvest multiple credentials, record regular SWIFT transfers, and plan virtually untraceable transactions.
How can banks protect themselves against these types of attacks?
Critical Design Associates has had success assisting top banks in the United States build secure delivery platforms with a particular emphasis on SWIFT and wire transfer systems. Delivering a secure platform requires many layers of security and a clear understanding of the wire transfer security requirements.
What is our solution? Critical Design recommends a multi-layered people, process, and platform approach. These solutions often focus on the following areas:
People: Reviewing the existing system user authentication, authorization, and auditing roles within the organization and verifying that access is effectively limited and monitored by design.
Process: Reviewing, building or modifying the existing processes to achieve a more secure and auditable system with as many security barriers and sensors as possible to thwart fraudulent behavior. We also work with our customers to ensure effective response processes are in place based on the “assume you are breached” concept.
Platform: Building secure enclaves, thereby limiting access to “locked down” workstations, servers, data, and networks where wire transfers are performed. This is achieved by:
- Applying industry standard security configurations
- Implementing Multi-factor Authentication (“MFA”) and requiring multiple forms of authentication and authorization, above and beyond the typical two-factor systems where only a username, password and token code are required (e.g. Vasco and RSA). The design model we deliver adds additional layers of authentication, authorization, and auditing by adding group-level, device-level, and application-level restrictions. This minimizes the attack surface significantly.
- Deploying Next Generation Anti-Virus (“NGAV”): NGAV not only protects against commodity malware but is also able to prevent novel attacks by evaluating behavior and context. This provides visibility to identify all vital information in the “kill chain” to remediate the attack.
- Implementing Application Control/Whitelisting: While this approach is not “foolproof”, it does provide additional security and another opportunity to trigger on abnormal or malicious activity. Application Control provides tools to determine which users, systems, and applications can communicate at a very granular level.
- Deploying Non-Persistent Virtualization: A typical attack often requires persistence to be established by the attacker. With non-persistent virtualized computing environments we are able to protect against many forms of attacks where persistence is required.
- Deploying Micro-Segmentation solutions for desktops and servers: This allows for greater control, sensor placement, and containment of threats. Granularly restricted network access protects against an attacker’s ability to establish command and control (“C2”). Command and control is a typical tactic employed by criminals after persistence is established. Micro-segmentation allows security policies to be defined explicitly.
- Employing granular logon and session timeout controls: Time-based session controls add security by determining when and how long a user can have specific applications open before requiring login credentials to be entered again. It also allows for greater monitoring of when computers and applications are being accessed; abnormal access times indicate suspicious behavior and trigger alerts.
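The session and logon controls described in the last item lend themselves to a simple detection pass over logon/logoff records. The following is an added example (not code from Critical Design Associates or from any SWIFT product) showing how a defender could flag logons outside a defined business window or on weekends and sessions that exceed a maximum allowed length. The log format, field names, hostnames, the 08:00 to 18:00 business window and the 60-minute session limit are all assumptions constructed for the example; a real deployment would read the workstation's or wire application's own audit log and use the policy values the institution has set.

```python
from datetime import datetime, timedelta

# Constructed sample log (not real bank data): ISO timestamp, user, workstation, event.
# 2024-03-04 is a Monday; 2024-03-09 is a Saturday.
SAMPLE_LOG = """\
2024-03-04T08:55:12 alice WIRE-WS01 LOGON
2024-03-04T09:40:02 alice WIRE-WS01 LOGOFF
2024-03-04T23:17:45 bob WIRE-WS02 LOGON
2024-03-05T00:05:10 bob WIRE-WS02 LOGOFF
2024-03-05T10:02:00 carol WIRE-WS03 LOGON
2024-03-05T12:30:00 carol WIRE-WS03 LOGOFF
2024-03-09T14:00:00 dave WIRE-WS04 LOGON
"""

# Assumed policy values for the example (hour of day, 24h clock; window is [start, end)).
BUSINESS_START = 8
BUSINESS_END = 18
MAX_SESSION = timedelta(minutes=60)


def parse_events(text):
    """Turn the whitespace-separated log lines into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "host": host,
            "action": action,
        })
    return events


def off_hours_logons(events, start=BUSINESS_START, end=BUSINESS_END):
    """Return LOGON events that occur outside the business window or on a weekend.

    These are the 'abnormal access times' the text treats as alert-worthy; the
    caller decides how to act on them (alert, block, or require re-authentication).
    """
    alerts = []
    for e in events:
        if e["action"] != "LOGON":
            continue
        weekend = e["ts"].weekday() >= 5          # Saturday=5, Sunday=6
        in_window = start <= e["ts"].hour < end
        if weekend or not in_window:
            alerts.append(e)
    return alerts


def overlong_sessions(events, max_session=MAX_SESSION):
    """Pair LOGON/LOGOFF per (user, host) and report sessions longer than max_session.

    Returns (overlong, still_open): overlong is a list of sessions that exceeded
    the limit; still_open maps (user, host) to the logon time of sessions with no
    matching LOGOFF, which a timeout policy should have closed.
    """
    open_sessions = {}
    overlong = []
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["host"])
        if e["action"] == "LOGON":
            open_sessions[key] = e["ts"]
        elif e["action"] == "LOGOFF" and key in open_sessions:
            started = open_sessions.pop(key)
            duration = e["ts"] - started
            if duration > max_session:
                overlong.append({
                    "user": e["user"],
                    "host": e["host"],
                    "started": started,
                    "duration": duration,
                })
    return overlong, open_sessions


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for e in off_hours_logons(events):
        print(f"OFF-HOURS LOGON  {e['ts']}  {e['user']}@{e['host']}")
    long_sessions, still_open = overlong_sessions(events)
    for s in long_sessions:
        print(f"SESSION TOO LONG {s['started']}  {s['user']}@{s['host']}  {s['duration']}")
    for (user, host), started in still_open.items():
        print(f"NEVER LOGGED OFF {started}  {user}@{host}")
```

Run against the constructed log, the pass reports bob's 23:17 weekday logon and dave's Saturday logon as off-hours, carol's roughly two-and-a-half-hour session as exceeding the 60-minute limit, and dave's session as never closed. Pairing by (user, host) rather than by user alone means a second logon from a different workstation does not silently close the first session, which is the case a session-timeout control most needs to catch.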
Can you confidently say your environment is truly secure? Are you prepared for a cyber-attack?
Let’s make sure your wire transfer system is not vulnerable to these attacks.