Research published by Consumer Services (CSI) reveals increasing threats among bank executives in hiring new talent and facing cybercrime threats as a challenge. The survey received 279 executive responses from the banking sector nationwide, bankers listed cybersecurity dangers (26%) and hiring employees (21%) as the top problems in 2022.
The survey results, suggesting respondents from different bank asset sizes, provide an alternate look into how these organizations tackle concerning issues like compliance, technological innovations, and customer expectations.
For example, to improve user experience and increase market shares, banks are promoting the use of digital tools, like account opening (51% responses), customer relationship management (43% responses), and digital loans (36% respondents).
CSI is a leading fintech, regtech, and cybersecurity solutions partner operating at the intersection of innovation and service. It excels at driving the business forward with a unique blend of cutting-edge technology, effortless integration, and a commitment to authentic partnerships defined by our customer-first culture.
Customers have raised the bar in expectations from banks, and the latter should respond accordingly, says David Culbertson, CSI president, and CEO. The data is paired with banks' aspirations to improve digital tools, the banking industry is moving towards a digital-first mindset and aiming for digital advancement. Interestingly, bank leaders also aspire to open banking for growth, particularly for digital progress.
The latest research suggests how banking institutes measure their personal growth in the rising digital landscape scenario. "For example, although executives on average rated their institutions a healthy 4/5 on compliance readiness, regulatory changes remain top of mind, with 14% of respondents naming it their primary concern.," reports HelpNet Security.
Keeping the new administration in mind, bankers have mentioned "data privacy" (39% responses) and CECL (20% responses) as the most needed measures for banking institutions. "The continuation of remote work will make this a critical component, along with new asset types such as cryptocurrencies being adopted, and increasing privacy regulations.
On the other hand, ransomware is expected to remain a challenge alongside a bigger looming threat from quantum computing, which holds the potential to defeat modern encryption systems," reports HelpNet Security.
A new large-scale DDoS attack carried out late in the evening on September 2 led to the system failure of major banks and made some of their services unavailable. Thus, a number of large banks experienced problems with payments and card services for some time.
VTB, Sberbank and Alfa-Bank withstood the attack, but their Internet provider Orange Business Services experienced significant difficulties.
"Everything that went through Internet providers, including land points that are connected by wires, ATMs, POS terminals, did not work for some time," said a bank representative.
"The IT services of our partners and their communication providers faced a DDoS attack, which affected the payment of customers in remote service channels," VTB reported.
Sberbank reported that on September 2, a failure was recorded on the side of an external service provider, which could lead to short delays in the operation of individual services.
"Some reports recorded by the Downdetector resource could be related to problems with one of the local Internet providers," Alfa-Bank reported.
Olga Baranova, Operational Director of Orange Business Services in Russia and the CIS, said that since August 9, the company's cyber threat monitoring center has been recording attacks on financial clients around the clock using capacitive attacks such as Amplification, as well as attacks using encrypted protocols (HTTPS).
"These attacks continue even now. The most powerful one was about 100 Gbps. Moreover, in terms of the number of attacks we detected, this August is comparable to the entire last year," added she.
As explained by the founder and CEO of Qrator Labs, Alexander Lyamin, Amplification attacks are aimed at communication channels, and HTTPS or Application Layer attacks are aimed directly at applications. "DDoS attacks of this type are the most dangerous: they are difficult to detect and neutralize since they can simulate legitimate traffic," noted he.
Awillix specialists discovered vulnerabilities in bank chatbots that could allow fraudsters to transfer money without the knowledge of customers. Positive Technologies confirmed the risks. The largest banks reported that they limit the functionality of chatbots in messengers.
It should be noted that about 10% of Russian banks use chatbots: they can be used in messengers, mobile applications, social networks, on the website and in the contact center.
Alexander Gerasimov, Director of Information Security at Awillix, said that chatbots in messengers, which are used for individual account transactions, may be vulnerable to malicious attacks.
The company's specialists checked the security of chatbots in two Russian credit organizations and found similar logical vulnerabilities. They allow obtaining the number and expiration date of cards, as well as finding out the account balance and cell phone number of the client.
"During the pentests, it was possible to log into the test client's account and perform a money transfer operation," Alexander Gerasimov said.
Maxim Kostikov, head of the banking systems security research group at Positive Technologies, confirmed that chatbots can be subject to various vulnerabilities, which depend on their functionality. For example, security problems can allow you to get customer data, get into their personal accounts in the chatbot, and find out the card balance.
According to him, the most popular scenarios of deception are changing the functionality of the chatbot to collect information about the person who uses it, sending malicious software on behalf of a credit institution, replacing the robot with a fraudster during communication, creating fake chatbots of banks.
"If a person uses a bank chatbot, which is able to make money transfers in the messenger, two-factor authentication can be configured to log into the application to protect funds," stressed Infosystems Jet expert, adding that there is also a danger in cases when an attacker gained direct access to the victim's device physically or as a result of a malicious attack.
Financial organizations are planning to launch a pilot project of a system for accounting and analyzing telephone fraud, said Alexey Voilukov, vice president of the Association of Banks of Russia. The service will allow to monitor calls, identify unscrupulous operators and more effectively track the fraudsters.
The Association will present the developments to the regulatory agencies along with proposals for changing the legislation. In order to improve the response to criminal attacks, the project should be implemented on the basis of the site of the supervisory authority, for example, the Ministry of Internal Affairs.
Experts believe that the owner of such a system should be one of the government agencies, authorized to request information from operators about the sources of traffic and to process data containing the secrecy of communications.
"It is necessary to tighten legislation in the field of personal data protection and tighten control over bank employees since fraudsters often obtain information about customers through leaks," added experts.
Tinkoff Bank believes that it will take about a month to test the project after the creation of an interdepartmental anti-fraud group. The bank will become one of the pilot's participants.
Other major credit organizations also supported the idea of implementing the system. The pilot of the project can start as early as the end of 2021 or the beginning of 2022. However, full work will require changes in the law.
According to Tinkoff, the number of malicious calls in the first quarter of 2021 increased 2.3 times compared to the same period in 2020. In addition, about 80% of phone scammers use number spoofing, so after launching the project of the system of accounting and analysis of telephone fraud, it will be much more difficult for them to carry out attacks.
As a result of an international special operation, the Office of the Prosecutor General of Ukraine has stopped the activity of one of the world's largest phishing services for attacks on financial institutions in different countries.
The Prosecutor's Office said that as a result of the work of the phishing center, banks in 11 countries - Australia, Spain, the United States, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany and the United Kingdom - were affected. According to preliminary data, the losses reach tens of millions of dollars.
It is reported that a hacker from Ternopil developed a phishing package and a special administrative panel aimed at the web resources of banks and their clients.
"The admin panel allowed to control the accounts of users who registered on compromised resources and entered their payment data, which were later received by the fraudsters. He created his own online store on the DarkNet network to demonstrate the functionality and sell his developments," the Prosecutor's Office explained the algorithm of the center's functioning.
More than 200 active buyers of malicious software were found.
According to the investigation, the hacker did not only sell their products but also provide technical support in the implementation of phishing attacks.
"According to the results of the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out with the help of the development of the Ternopil hacker," said the Department.
A criminal case has been opened on this fact under the article on unauthorized interference in the operation of computers, automated systems, computer networks, or telecommunications networks, as well as the creation of harmful software products for the purpose of using, distributing, or selling them.
Earlier, the deputy director of the National Coordination Center for Computer Incidents (NCCI), Nikolai Murashov, said that the United States had placed hackers in Montenegro and Ukraine. This was done allegedly under the pretext of protecting the elections.
TruKno’s ThreatBoard is a platform that helps security professionals uncover the root causes behind emerging cyber-attacks, Improving proactive defense postures..
TTP Based Threat Intelligence
Trukno, a Community-based Threat Intelligence Platform uncovering the root causes behind the latest cyber-attacks, is set to release their open-access beta December 22nd.
Every second a new attack in cyberspace takes place, according to a report by Acronis, 32% of all major companies are attacked at least once a day. Unless the outcome of these attacks are notable (like the FireEye breach), the reports of these attacks often get buried in the never-ending flow of new cyber information. These reports, when in the hands of the right people, oftentimes contain valuable intelligence on the Tactics, Techniques, and Procedures used by adversaries. This knowledge can help cyber defenders better assess risk and take proactive measures to prevent these same attack techniques from being effective against their organization. It can give valuable insights on where to funnel resources for more effective defense postures.
Hunt Smarter, not Harder.
Traditionally, uncovering root causes and criteria behind emerging cyber attacks is done in one of two ways:
1. Manually scrolling through vendor blogs, government reports, and news outlets to find long-winded reports of cyber-attacks (trivial & time-intensive)
2. Getting hand-curated, confidential reports from your threat intelligence team (requires multiple employees dedicated full-time to threat analysis)
The thing is, cyber security professionals rarely have time to do the manual sourcing, and even if they did, there is no certainty they would be able to find that one attack report that is relevant to their situation. Additionally, Threat intelligence analysts are in high demand and low supply, making them reserved for only the most mature security operations.
TruKno’s AI engine ensures with a high level of confidence that not breach, campaign, or attack report goes unnoticed. It is actively keeping a pulse on the industry’s leading intelligence sources, identifying critical reports in real-time. TruKno’s analyst team then does manual analysis on these reports, identifying affected industries, technologies, actors, malware, and more. Most importantly, TruKno analyses these cyber-attacks through the lens of the MITRE ATT&CK Framework, offering a universal lexicon and database of observed threat techniques.
TruKno wants to make TTP-based threat intelligence the foundation of any organization’s (or individual’s) Security posture.
E Hacking news had a discussion with TruKno’s Founding Team:
Manish Kapoor (Founder & CEO), Ebrahim Saed (Co-Founder & CTO), and Noah Binstock (Co-Founder & COO), in which we talked about the importance of TTP-Based Security and their upcoming beta release on the 22nd.
Manish Kapoor discussed the origins of TruKno:
“Trukno was founded with the mission of arming security professionals with the information they need to keep us safe. The name itself is a translation of Gyaan, or True Knowledge. It is the clarity that comes from knowing the right information, at the right time.”
Before Founding TruKno, Manish spent 10 years helping the world’s largest service providers better understand the evolving threat landscapes to build better cybersecurity solutions for their customers.
“My job required me to always be up to date with the latest emerging attacks, but there was no way for me, as a busy professional, to quickly and accurately stay up to date with new adversarial techniques and procedures. I knew there had to be a better solution than scrolling through hundreds of articles a day.”
Manish commented on the ‘gray-space’ between advanced intelligence tools reserved for advanced analysts at mature security organizations, and tools available to the cyber security community as a whole.
“There are a lot of incredible intelligence tools out there. The issue is, they are reserved for a very select group within the industry due to price point and complexity. Cyber security is a team sport, and a winning team is built up of individuals. There is a need for universal tools that can benefit all security stakeholders.”
Noah Binstock, Head of Operations at TruKno, also commented on their mission and the power of accessible intelligence.
“Informed decision making starts with having a full understand of the subject matter, this is true no matter what industry you are in. People are at the core of cybersecurity, and it is our mission to arm them with the tools they need to make the best decisions on behalf of us all.”
TruKno built its foundation off of the MITRE ATT&CK Matrix, a globally accessible knowledge base of adversary tactics and techniques based on real-world observation.
“We are seeing MITRE ATT&CK become a staple in many security organizations, and we align very closely with their mission of empowering the cyber community as a whole. We use the ATT&CK Framework to offer a common lexicon for all defenders”
Ebrahim Saed, the CTO of TruKno, is at the core of TruKno’s technical capabilities, allowing TruKno users to access an infinite database of cyber intelligence with no load time on the user end. He commented on the importance of responsive & user-friendly interfaces when it comes to intelligence.
“Gathering the intelligence is one thing. The real differentiator is making this critical intelligence instantly available, all at the users fingertips.”
Ebrahim is currently developing a mobile application for TruKno as well, enabling users to access real-world intelligence anywhere anytime.
The Product:
Since its founding in October of 2018, TruKno has interviewed over 500 cybersecurity professionals, from Threat Analysts to CISOs, working in close collaboration with the cybersecurity community during product development. Here is what they are unveiling:
CyberFeed:
Trukno’s CyberFeed is a free, customizable cybersecurity news manager to help the community easily access and organize the industry’s top intelligence and news channels. Access key articles while avoiding information overload.
ThreatBoard:
TruKno’s Threat Intelligence platform, ThreatBoard uses an AI engine to identify cyber-attacks as they are first reported on the web. They are then broken down by TruKno’s analyst team, extracting & curating key information, affected Industries, Technologies, Actors, Malware, and more. Additionally, Techniques behind these latest breaches are documented and paired with MITRE’s ATT&CK Framework, enabling users to identify potential risks to their organization based off of real-world observations.
Upcoming Features:
• TruKno has already developed team collaboration functionalities, enabling users to securely collaborate on intelligence from Threatboard with their teams. They are waiting for key user feedback before they release team collaboration (TeamBoards).
• Cyberfeed is currently being developed to allow users to upload their own source URLs, social media intelligence feeds and more. Sharing functions will also be enabled to empower the security community to easily share valuable resources.
• TruKno is actively finding new ways to present the data being extracted from these reports and are currently improving interoperability between Threatboard analysis and the MITRE Organization’s ATT&CK Framework.
• TruKno’s AI effort, led by Dr. Rob Guinness, is constantly improving, automating more and more analysis, meaning more insights.
• The team is currently working with key industry stakeholders to enable API integration with TruKno’s intelligence data, enabling more actionable intelligence for security teams.
Hunt Smarter, Not Harder
In short, TruKno’s goal is to help the cyber security community get the intelligence they need to help keep us safe. TTP based threat intelligence is a valuable lens for all security professionals, and they hope that their tools can help make it a community staple.
The TruKno Open beta is live at www.TruKno.com.
Attackers call a potential victim and offer to install an app on their phone that "reliably protects money from theft." And then, with the help of this app, they steal the money from the card or get a loan on behalf of the victim.
According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.
Dmitry Kuznetsov, head of methodology and standardization at Positive Technologies, warns that Bank employees never ask customers for card or account details.
The police do not exclude that such fraud may be widespread and asks Russians to remain vigilant.
According to the Central Bank, the activity of telephone scammers increased four times in the first six months of this year. In total, the regulator recorded more than 360 thousand unauthorized transactions with funds of Russians for a total of about 4 billion rubles ($51,8 million). Banks returned about 485 million rubles ($6 million) of stolen money to their clients.
The low percentage of refunds from the Bank is due to the fact that people, in fact, become victims of their own free will. After all, the client signs an agreement with the Bank that prohibits the transfer of confidential information about the Bank card to third parties, said lawyer Yakovlev.
However, it should be noted that the data of clients of Russian banks has risen in price on DarkNet. Ashot Hovhannisyan, the founder of the DLBI DarkNet search and monitoring service, explains that the increase in the cost of such services indicates a decrease in the number of offers on the market. This, in turn, means that credit institutions reduce the chances of hackers to steal data and increase security.
In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from a Bank account were recorded, twice as much as last year. The number of cases of fraud using electronic means of payment has also doubled.
According to the Prosecutor General's Office, now every fifth fact of theft is associated with the theft of funds from accounts.
The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.
Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment”.
Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.