It is very essential to understand the reasons criminals decide to focus on banks as their target. This is not to mean that other corporate organizations are safe from their deadly hands. Many criminals said they make banks their focus because that is where the money is. According to Robin Sloan, head of cyber content and data at Dow Jones Risk and Compliance, “Cyber criminals will always be attracted to financial services because that’s where the serious financial gain is.” The gain here is raw and they wouldn’t need to start marketing the products they steal before they can get money.
“Instead of going with a scattergun approach to hit lots of different points, criminals are looking at who is able to get them access to the systems. They want help in understanding how the systems work so they can design an attack to exploit vulnerabilities,” Sloan said in a 2016 conference in Geneva. From his words, one will understand that one of the ways in which criminals make banks their target is to develop an intimate relationship with an insider who will provide them with all the necessary information so as to ease their work. Once they have the needed information within their reach, their job as good as done. The main reason for adopting this approach is to ensure that law enforcement officers are not focused on them while carrying out their heinous act. They can use LinkedIn profiles to find security staff, especially in Asia, who may not be earning very much, and use them to get help in pulling off a major heist like Bangladesh (Greenfoldt, 2016).
Another way through which criminals get at banks is to target ATMs. They have recently devised another means of staging this form of attack. They now target ATMs through the banks’ networks, shifting the landscape from physical to network-based attacks. So, if banks think their ATMs are secure and no evil can befall them except through physical means, they should understand that it is a pure self-deceit.
Trend Micro, a multinational security software company collaborated with Europol’s European Cybercrime Center (EC3) to examine how ATM malware, as a formidable threat, has evolved over the years and continued to gain stealthier features that target a multitude of ATMs (Business Tech, 2017).
“Over the years, ATM thefts have been undertaken in a variety of ways: from blowing up safes to gluing on skimmers and attaching fake keypads to installing malware executables. In particular, the use of malware in attacking ATMs has seen considerable adoption among cybercriminals, and one of the primary factors contributing to its sustained use is the fact that many of the targeted machines still use outdated operating systems,” said Trend Micro.
“Such systems no longer receive critical security updates, so in the most basic sense, system vulnerabilities are not addressed, let alone resolved.” When your tools are out of date, your firm becomes an easy target for criminals. Cyber criminals go extra mile to learn about the operations of your systems and see if they can identify vulnerabilities. In fact, gaining physical access to ATM points has become so common a target that many criminals do not use the technique again.
They have found an even more nefarious infection vector, where no removable drives are inserted and no incriminating footages or fingerprints are found. While explaining this new tactic, Micro Trend states that “There is no indication that the ATMs have been physically tampered with, but still, the machines are found to have been emptied of cash. The machines do not even have to be stationed on shady streets, remote locations, or other unsecured spots to be thus compromised.” Invariably, if banks fail to step up their game, they will not be able to match up with the new technique devised by criminals.
Trend Micro explains that the first entry into the network is usually by social engineering, making bank employees the weakest link in this infection chain. Network-based ATM heists are far more elaborate than physical attacks, but they have proved to be a more profitable money-making scheme (Business Tech, 2017). Again, this boils down to the first point made in the beginning of this piece—bank employees being invaluable assets in the hands of criminals. This is why employee training and re-training is indispensable to the banking sector. Most of the time, not that the employees willingly give in to the request of the criminals but they bank on their ignorance. The only antidote to ignorance is knowledge and this comes by registering for the relevant training courses. On the other hand, if there are traces that the employees willingly assent to the request of criminals, this calls for conducting background checks from time to time in order to fish out the bad eggs in the organization before they contaminate others.
Another way in which criminals target banks is through coordinated attacks. This is a common form of physical attack on banks across the world. In fact, such action led to the closure of the seven biggest banks in the UK in 2017. Criminals may make use of DDOS—distributed denial of service to cripple the activities of bank. When this is done, customers will have difficulty making use of the online services of the victimized bank. A website identified as ‘Webstresser’ which has now been closed down is said to be the world’s biggest and most sophisticated online cyber crime market, offering hackers tools that have been used to launch up to 4m DDOS attacks (Bond, 2018).
In order to make the website and others in similar group operate freely, they are usually given a veil of authenticity. This is done by offering apparently genuine pieces of software designed to stress-test computer systems but which are used by criminals to disrupt services (Bond, 2018). Arresting cyber criminals is definitely good but it will surely not stop any of the means of target enumerated in this piece. What is required for financial institutions to live above board is being proactive; we must learn what to do in order to prevent such ill occurrences from happening.
References
Bond, D (2018). Seven UK Banks Targeted By Co-Ordinated Cyber Attack. Retrieved from https://www.ft.com/content/2e582594-48ab-11e8-8ee8-cae73aab7ccb
Business Tech (2017). Cyber Criminals Have Found Another Way To Target ATMs. Retrieved from https://businesstech.co.za/news/banking/201220/cyber-criminals-have-found-another-way-to-target-atms/
Wilson, J (2017). Cybercriminals Are Finding It Easier Than Ever To Target Us. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2017/12/08/cybercriminals-are-finding-it-easier-than-ever-to-target-us/#a53ed262c486