Financial institutions urged to prepare for rise in mobile device attacks

25th November 2016 By: Schalk Burger - Creamer Media Senior Deputy Editor

YURY NAMESTNIKOV: Cyberattacks typically come in waves, as the method of a successful attack will be repeated in new territories

Financial institutions can expect a rise in the number of cyberattacks on mobile devices next year, as well as attacks on employee machines and noncritical systems, says cybersecurity multinational Kaspersky Lab Russia research and analysis team head Yury Namestnikov.

A Kaspersky Lab security report indicates that the increasing attacks against mobile devices will continue to escalate, and that advanced persistent threats (APTs) will also increase.

APT attacks against higher-level employees will continue, but hackers are increasingly targeting lower-level employees to gain a foothold inside a company’s network. Further, cybercriminals are using various ways of infiltrating an employee’s machine, often using common, low-risk malware to mask their activities. Unique malware raises security flags, but common malware enables cyberattackers to reduce the threat profile of their attacks.

Namestnikov says there has been a rise in the number of attacks against noncore systems, such as advertisement servers. He cites a recent example of a bank having been hacked, during which the hackers gained access to the core servers by first hacking into the advertisement server. Although noncritical, the server was on the same network segment as the electronic banking and Web server, he adds.

He advises that financial institutions segment their networks and implement ‘default deny’ policies, including a policy for scripts, to prevent hackers from uploading executable files and PowerShell scripts. Such scripts, which are often used by network and information technology (IT) administrators to automate processes, provide hackers with ways of gaining entry, exposing vulnerable systems or extracting data from the financial institution.

Financial institutions should review their IT systems and security to ensure that minimum best practices are in place, as it is often elementary errors and oversights that provide the window for cyberattackers.

“An example of an oversight that led to a breach is a bank which used similar passwords for its servers. The hackers knew the environment of the bank and had hacked into other parts of the network. They knew that entering an incorrect password would trigger an alert, and patiently tried three different passwords once a week over three months until they guessed the correct password.”
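The slow guessing pattern in the bank example above stays below any per-burst alert, so detecting it means counting failed logins per source and account over months rather than minutes. The following detection example is added here for illustration and is not taken from Kaspersky Lab or the article; the event format, host and account names, and all thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed auth events: (timestamp, source, account, outcome). Names are hypothetical."""
    start, events = datetime(2016, 1, 4, 2, 0), []
    for week in range(12):  # 3 failures once a week, always below the alert threshold
        day = start + timedelta(weeks=week)
        events += [(day + timedelta(minutes=i), "adsrv01", "svc_backup", "FAIL") for i in range(3)]
    events.append((start + timedelta(weeks=12), "adsrv01", "svc_backup", "OK"))
    typo = start + timedelta(days=10, hours=7)  # ordinary user mistyping twice
    events += [(typo, "ws-114", "jsmith", "FAIL"),
               (typo + timedelta(seconds=20), "ws-114", "jsmith", "FAIL"),
               (typo + timedelta(seconds=45), "ws-114", "jsmith", "OK")]
    return sorted(events)

def find_low_and_slow(events, burst_limit=5, window=timedelta(days=90),
                      min_failures=15, min_active_days=4):
    """Flag (source, account) pairs that stay under burst_limit per day
    yet accumulate failures on many separate days inside the window."""
    fails = defaultdict(list)      # (source, account) -> failure timestamps
    successes = defaultdict(list)  # (source, account) -> success timestamps
    for ts, src, acct, outcome in events:
        (fails if outcome == "FAIL" else successes)[(src, acct)].append(ts)
    findings = []
    for key, stamps in fails.items():
        # Only failures inside the long window ending at the latest failure count.
        recent = [t for t in stamps if t >= max(stamps) - window]
        per_day = defaultdict(int)
        for t in recent:
            per_day[t.date()] += 1
        if (max(per_day.values()) < burst_limit and len(recent) >= min_failures
                and len(per_day) >= min_active_days):
            findings.append({
                "source": key[0], "account": key[1],
                "failures": len(recent), "active_days": len(per_day),
                "max_per_day": max(per_day.values()),
                # A success after the last failure suggests the guess landed.
                "later_success": any(s > max(stamps) for s in successes[key]),
            })
    return findings

if __name__ == "__main__":
    for finding in find_low_and_slow(build_sample_events()):
        print(finding)
```

A finding with `later_success` set is the one to triage first, since the account may already be in use by whoever was guessing.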

Cyberattackers are typically present in a company’s network for 18 months before carrying out a large-scale attack, usually by using spoofed Swift money transfer transactions to steal money and committing automatic teller machine fraud.

Cyberattacks typically come in waves, as the method of a successful attack will usually be repeated in new territories.

“While we have not seen a spike in attacks against South African financial institutions, we expect that it is only a matter of time before cybercriminals begin to attack them using methods developed in other parts of the world.”