Cyber threats change at a rapid pace, and tactics and attack methods improve daily.
The path a cyber criminal uses to gain access to a computer or network server and cause harm is called an attack vector.
Common ways to gain access to a computer or network include:
- Removable media such as flash drives
- Brute force attack using trial and error to decode encrypted data
- Web or email attacks
- Unauthorized use of your organization's system privileges
- Loss or theft of devices containing confidential information
The Division of Banks (DOB) encourages all financial institutions and non-depository financial institutions to develop detailed cybersecurity policies to deter attacks.
Types of cyber threats your institution should be aware of include:
- Distributed denial of service (DDoS) attacks
- Spam and Phishing
- Corporate Account Takeover (CATO)
- Automated Teller Machine (ATM) Cash Out
Malware is also known as malicious code or malicious software. Malware is a program inserted into a system to compromise the confidentiality, integrity, or availability of data. It operates covertly and can affect your data, applications, or operating system. Malware has become one of the most significant external threats to systems. It can cause widespread damage and disruption, and recovering from it requires substantial effort in most organizations.
Spyware, malware intended to violate privacy, has also become a major concern for organizations. Although privacy-violating malware has been in use for many years, it has become much more common recently. Spyware invades many systems to track personal activities and conduct financial fraud.
Organizations also face threats that do not involve malware, although these are often combined with it. The most common is phishing, which tricks individuals into revealing sensitive or personal information.
Tips for preventing Malware from the National Institute of Standards and Technology (NIST) Guide to Malware Incident Prevention and Handling:
- Require e-mail attachments to be saved to local drives or removable media and scanned before they are opened.
- Don't allow certain types of files (e.g., .exe files) to be sent or received by e-mail.
- Restrict removable media, such as CDs or flash drives, on systems that are high risk.
- Limit the number of users with administrator-level access or privileges.
- Ensure systems are updated regularly with operating system and application upgrades and patches.
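The attachment tips above are usually enforced at the mail gateway. The following is an added example, not code from the DOB page or from the NIST guide: it parses a message, and for each attachment checks both the file extension against an assumed block list and the content for a Windows executable header, since a renamed executable keeps its MZ header even when it arrives as invoice.pdf. The sample message, block list and addresses are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed block list of attachment extensions, following the NIST tip on .exe files.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def is_pe_executable(data: bytes) -> bool:
    """Windows executables begin with the 'MZ' DOS header regardless of their file name."""
    return data[:2] == b"MZ"


def check_attachment(filename: str, data: bytes) -> list[str]:
    """Return the policy violations for one attachment (an empty list means it is allowed)."""
    reasons = []
    ext = PurePosixPath(filename).suffix.lower()
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    # Content check catches executables renamed to a harmless-looking extension.
    if is_pe_executable(data):
        reasons.append("executable content (MZ header)")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 822 message and map each attachment name to its violations."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        findings[name] = check_attachment(name, payload)
    return findings


def build_sample_message() -> bytes:
    """Constructed message: a renamed executable, a real .exe, and a harmless text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "teller@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00fake-header", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream", filename="setup.exe")
    msg.add_attachment("meeting at noon", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(name, "->", reasons or "allowed")
```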
Ransomware is malware that prevents or limits users from accessing their system or data. It asks you to pay a ransom using online payment methods, usually virtual currencies such as bitcoin, to regain access. Ransomware is one of the most widely used attack methods.
Ransomware enters a computer network and encrypts files using public-key encryption. The private key needed to decrypt the files never leaves the cyber criminal's server, and the criminals demand a ransom for it. In this way cyber criminals use encryption as a weapon to hold data hostage.
Ransomware is hard to detect before it’s too late, and ransomware techniques continue to evolve. Because of this, your institution should focus on prevention efforts. Prevention efforts include training for employees and strong information security controls.
The DOB recommends developing strong business continuity plans and incident response plans. Plan development may help in the event of a ransomware attack.
Distributed Denial of Service (DDoS) Attacks
DDoS attacks make an online service unavailable by overwhelming it with excessive traffic from many locations and sources. Website response time slows down, preventing access during a DDoS attack. Cyber criminals generate this traffic by planting malware on large numbers of computers, creating networks of infected machines called botnets. A DDoS attack may not be the primary cyber crime; the attacks often create a distraction while other types of fraud and cyber intrusion are attempted.
The Federal Financial Institutions Examination Council (FFIEC) issued a joint statement on DDoS attacks, risk mitigation, and additional resources.
Spam & Phishing
Spam includes unwanted, unsolicited, or undesirable messages and emails. Phishing is a form of social engineering that attempts to obtain sensitive information while appearing to come from a trustworthy person or business.
Cyber criminals pretend to be an official representative and send you an email or message with a warning related to your account information. The message will often ask you to respond by following a link to a fake website or email address where you are asked to provide confidential information. The message will typically appear legitimate, using proper logos and names. Any information entered on the fake site goes to the cyber criminal.
The FBI developed tips for preventing phishing attacks.
Corporate Account Takeover (CATO)
CATO is a form of identity theft against a business entity, in which cyber thieves impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the cyber criminal.
Many businesses are vulnerable to a CATO attack. Institutions with weak computer safeguards and minimal controls over online banking systems are easy targets. This form of cyber crime can result in large losses. Cyber criminals infect a computer with malware delivered through e-mail, malicious websites, or downloads disguised as legitimate software.
The Conference of State Bank Supervisors (CSBS) developed a CATO best practices document.
Automated Teller Machine (ATM) Cash Out
ATM Cash Out is a type of large dollar value ATM fraud. Cash-outs involve simultaneous large cash withdrawals from several ATMs in many regions. It may also include large withdrawals at one ATM.
The Cash Out usually affects small- to medium-sized financial institutions. The attack involves changing the settings on ATM web-based control panels. Cyber criminals change the ATM's dispense function control to "Unlimited Operations." The "Unlimited Operations" setting allows withdrawal of funds over the customer's account balance or beyond the ATM's cash limit. Stolen ATM or debit card information is often used to withdraw the funds. As a result, your financial institution can suffer large dollar losses.
The DOB recommends reviewing your controls over information technology networks, card issuer authorization systems, systems that manage ATM parameters, and fraud detection and response processes to prevent ATM Cash Out attacks.
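A fraud detection process for the pattern described above can run on the issuer's own authorization records rather than trusting the ATM's limit settings. The following is an added example, not the DOB's or the FFIEC's code: it flags a card whose withdrawals within a short window span several ATMs in several regions, or whose cumulative withdrawals exceed the account balance or the assumed daily limit. The withdrawal records, balances, window and limit are constructed for the example and assume one day of activity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # assumed window for "simultaneous" withdrawals
DAILY_LIMIT = 1_000              # assumed per-card daily ATM withdrawal limit

# Constructed account balances for the sample cards.
BALANCES = {"card-A": 500, "card-B": 2_000}

# Constructed authorization records: (timestamp, card, ATM id, region, amount).
SAMPLE_WITHDRAWALS = [
    ("2024-01-01T02:00:00", "card-A", "atm-101", "Boston", 800),
    ("2024-01-01T02:03:00", "card-A", "atm-555", "Chicago", 800),
    ("2024-01-01T02:05:00", "card-A", "atm-777", "Denver", 800),
    ("2024-01-01T02:10:00", "card-B", "atm-101", "Boston", 100),
    ("2024-01-01T09:00:00", "card-B", "atm-102", "Boston", 100),
]


def detect_cash_out(records, balances, window=WINDOW, daily_limit=DAILY_LIMIT):
    """Return (card, time, reasons) alerts, one per withdrawal that matches a cash-out rule."""
    per_card = defaultdict(list)
    for ts, card, atm, region, amount in records:
        per_card[card].append((datetime.fromisoformat(ts), atm, region, amount))
    alerts = []
    for card, events in per_card.items():
        events.sort()
        balance = balances.get(card, 0)
        total = 0
        for i, (t, atm, region, amount) in enumerate(events):
            total += amount
            # Withdrawals by this card in the sliding window ending at the current one.
            recent = [e for e in events[: i + 1] if t - e[0] <= window]
            atms = {e[1] for e in recent}
            regions = {e[2] for e in recent}
            reasons = []
            if len(regions) >= 2:
                reasons.append(f"{len(atms)} ATMs in {len(regions)} regions within {window}")
            if total > balance:
                reasons.append(f"cumulative {total} exceeds balance {balance}")
            if total > daily_limit:
                reasons.append(f"cumulative {total} exceeds daily limit {daily_limit}")
            if reasons:
                alerts.append((card, t.isoformat(), reasons))
    return alerts


if __name__ == "__main__":
    for card, when, reasons in detect_cash_out(SAMPLE_WITHDRAWALS, BALANCES):
        print(card, when, "; ".join(reasons))
```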
The FFIEC issued a joint statement about cyber attacks on financial institutions’ ATM and card authorization systems.