Posted by: Moshe Ben Simon, VP of Services and TrapX Labs
It’s a difficult time for the banking industry as there seems to be no end in sight to ongoing cyber attacks. We know from experience that data breaches within financial institutions are far more common than what’s reported in the news. Our security operations center constantly tracks escalating attacks on financial institutions and works with our customers to identify and defeat the attacks.
Recently, the SWIFT financial network has come under focused and persistent attack by organized crime and its sophisticated cyber thieves. SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is used by our customers to securely share financial-transaction information, primarily pertaining to money transfers.
In early 2015, attackers targeted Ecuador's Banco del Austro and made off with approximately $9 million. The Bangladesh Central Bank was targeted for nearly $1 billion in fraudulent transactions, most of which were intercepted by the Federal Reserve Bank of New York. The attackers still got away with $81 million after it was transferred to the Philippines.
A similar attempt was made on the Philippines Bank in 2016, followed by another attack for $1 million against the Tien Phong Bank in Vietnam. In 2016, the attackers expanded into the Ukraine and Russia. Although we do not have detailed confirmation, it appears that attackers withdrew approximately $10 million from a Ukrainian bank. The Kyiv office of ISACA (the Ukrainian Information Systems Audit and Control Association) was hired to analyze the forensics of the attack and audit the situation carefully. At this point, it appears that dozens of banks in the Ukraine and Russia may have been similarly compromised, with estimated losses in the hundreds of millions of dollars.
As with any major financial application, such as those that control online banking and ATM networks, an application is only as secure as the network infrastructure that supports it. Attackers use the same techniques nearly every time, planning a barrage of attacks, emails, hijacked websites, and social engineering, all to insert custom malware into the network. They only need to succeed once. Once inside, they set up a “backdoor,” download additional tools, establish command and control, and then move laterally to discover assets of opportunity.
In the case of SWIFT, they seek to find the Alliance Gateway, Alliance Access, and Alliance Web Platform. Over time, the attackers learn about the bank’s operating procedures and then attempt to compromise targeted systems. Once they have perfected network access, they can get in the middle of transactions or even initiate new ones. This is a significant concern that needs to be addressed.
To help our customers fight back, TrapX Labs has devised new DeceptionGrid emulations that imitate multiple components within a SWIFT infrastructure and are designed to stop the attackers in their tracks. We’ve deployed a full deception architecture that can effectively surround and protect your real SWIFT assets. Our Traps (decoys) emulate authentic SWIFT Gateway, Access, and Web platforms. We have also automated the placement of Tokens (lures) on endpoints that create a fake browser history, bookmarks to the Alliance Web Platform, and SWIFT credentials. These Tokens redirect attackers away from the real SWIFT assets and back to the SWIFT Traps, where they cannot compromise your systems.
Banking customers using deception for the first time also get these benefits for their other key assets and applications. We protect not just SWIFT servers and workstations, but all key financial applications, infrastructure, and data. Our Traps and Lures blanket the financial enterprise, identifying and protecting against lateral movements by sophisticated attackers. Plus, we have other advanced emulated Traps for financial institutions that take protection to an even deeper level. You can load these emulated Traps for automated teller machines (ATMs), point-of-sale devices, workstations, financial and database servers, and more.
Our deception architecture is ready to help you do battle with attackers trying to breach your SWIFT assets. Contact us to discuss how we can help. To find out more about our special programs for banking, please reach out to me directly, Moshe Ben Simon, Vice President and Founder of TrapX Labs, at [email protected].