https://www.engineeringnews.co.za

Financial institutions urged to prepare for rise in mobile device attacks

YURY NAMESTNIKOV
Cyberattacks typically come in waves, as the method of a successful attack will be repeated in new territories


25th November 2016

By: Schalk Burger

Creamer Media Senior Deputy Editor

  


Financial institutions can expect a rise in the number of cyberattacks on mobile devices next year, as well as attacks on employee machines and noncritical systems, says cybersecurity multinational Kaspersky Lab Russia research and analysis team head Yury Namestnikov.

A Kaspersky Lab security report indicates that attacks against mobile devices will continue to escalate, and that advanced persistent threats (APTs) will also increase.

APT attacks against higher-level employees will continue, but hackers are increasingly targeting lower-level employees to gain a foothold inside a company’s network. Further, cybercriminals are using various ways of infiltrating an employee’s machine, often using common, low-risk malware to mask their activities. Unique malware raises security flags, but common malware enables cyberattackers to reduce the threat profile of their attacks.

Namestnikov says there has been a rise in the number of attacks against noncore systems, such as advertisement servers. He cites a recent example of a bank having been hacked, during which the hackers gained access to the core servers by first hacking into the advertisement server. Although noncritical, the server was on the same network segment as the electronic banking and Web server, he adds.

He advises that financial institutions segment their networks and implement ‘default deny’ policies, including a policy for scripts, to prevent hackers from uploading executable files and PowerShell scripts, the latter often used by network and information technology (IT) administrators to automate processes. Such uploads provide hackers with ways of gaining entry, exposing vulnerable systems or extracting data from the financial institution.

Financial institutions should review their IT systems and security to ensure that minimum best practices are in place, as it is often elementary errors and oversights that provide the window for cyberattackers.

“An example of an oversight that led to a breach is a bank which used similar passwords for its servers. The hackers knew the environment of the bank and had hacked into other parts of the network. They knew that entering an incorrect password would trigger an alert, and patiently tried three different passwords once a week over three months until they guessed the correct password.”
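A handful of guesses once a week will not trip an alert that counts failed logins over a short period, so spotting the pattern in the quote means counting failures per account over months. The following is a defensive sketch added here, not code from Kaspersky Lab or the article; the daily alert threshold, the 90-day window, the log format and all account names and addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ALERT_THRESHOLD = 5            # assumed: failures per day that trip the existing alert
MIN_ACTIVE_WEEKS = 8           # assumed: distinct weeks with failures before flagging
WINDOW = timedelta(days=90)    # assumed look-back, matching "over three months"

def find_slow_guessing(events, now):
    """events: iterable of (datetime, account, source_ip, success).
    Returns {(account, source_ip): weeks_with_failures} for pairs that keep
    failing week after week while every single day stays under ALERT_THRESHOLD."""
    per_day = defaultdict(lambda: defaultdict(int))
    for ts, account, src, success in events:
        if not success and now - WINDOW <= ts <= now:
            per_day[(account, src)][ts.date()] += 1
    flagged = {}
    for key, days in per_day.items():
        if max(days.values()) >= ALERT_THRESHOLD:
            continue  # loud guessing: already covered by the short-window alert
        weeks = {d.isocalendar()[:2] for d in days}  # (ISO year, ISO week)
        if len(weeks) >= MIN_ACTIVE_WEEKS:
            flagged[key] = len(weeks)
    return flagged

def sample_events(now):
    """Constructed sample log, not data from the incident in the article."""
    ev = []
    for w in range(12):  # three failed logins once a week for about three months
        day = now - timedelta(weeks=w, hours=3)
        ev += [(day + timedelta(minutes=m), "svc-backup", "10.0.5.23", False)
               for m in range(3)]
    # an ordinary user mistyping a password twice, weeks apart
    ev += [(now - timedelta(days=d), "alice", "10.0.7.11", False) for d in (2, 40)]
    # a noisy burst that the existing short-window alert would already catch
    ev += [(now - timedelta(days=1, seconds=s), "admin", "10.0.9.99", False)
           for s in range(40)]
    return ev

if __name__ == "__main__":
    now = datetime(2016, 11, 25, 12, 0)
    for (account, src), weeks in find_slow_guessing(sample_events(now), now).items():
        print(f"{account} from {src}: failures in {weeks} separate weeks, "
              f"never reaching the daily threshold")
```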

Cyberattackers are typically present in a company’s network for 18 months before carrying out a large-scale attack, usually by using spoofed Swift money transfer transactions to steal money and committing automatic teller machine fraud.

Cyberattacks typically come in waves, as the method of a successful attack will usually be repeated in new territories.

“While we have not seen a spike in attacks against South African financial institutions, we expect that it is only a matter of time before cybercriminals begin to attack them using methods developed in other parts of the world.”

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor
