Indian banks have reported 248 successful data breaches by hackers between June 2018 and March 2022. Public sector banks reported 41 breaches, private sector banks reported 205 data attacks, and foreign banks faced 2. Banks are targeted by hackers because they manage very large amounts of money, store vast quantities of customer and transactional data, and are essential to the financial health of a nation.
We can expect attacks on banks to increase as the number of online financial transactions increases (powered by easy access to connectivity, availability of computing devices at many price points, and increasing financial literacy), because that will increase the data accessible by banks. A bank is expected to be safe, and therefore banks should ensure they maintain cybersecurity to avoid losing customer trust and inviting regulatory action. We will examine how banks can secure their operations by discussing cyberattacks on 7 banks around the world and what we can learn from them.
Lessons from 7 Attacks on Banks
1. Operations Paralysed at a South Korean Farm Co-operative Bank
A laptop used by a subcontractor of the bank was compromised and came under the control of the cyberattackers who later staged a remote attack on the bank through the laptop. The attack caused a 3-day service outage, customers were unable to access their money, and the records of some credit card customers were deleted.
The Lesson: Securing all devices that connect to a bank’s network, including devices used by subcontractors, is essential to maintaining bank cybersecurity. An enterprise endpoint security solution that provides centralised control, such as K7 Endpoint Security, should be deployed on all devices to help banks manage organisation-wide cybersecurity and monitor the security status of all devices no matter where they may be located.
2. Attempted Theft of $951 Million from a Bank in Bangladesh
A resume accompanying a job-seeking email contained malware that allowed threat actors to enter the bank’s network, gain SWIFT access, and issue instructions for transfer of $951 million a year later. A spelling error and favourable circumstances blocked the bulk of the transfers but $65 million is yet to be recovered.
The Lesson: An endpoint security solution, such as K7 Endpoint Security, that will automatically scan all email attachments, links in emails, and files downloaded from the internet, must be deployed on all bank devices to prevent the entry of malware through seemingly non-malicious communication. Gateway security, like K7 Unified Threat Management, should be deployed to protect bank networks from hacker intrusions. Vulnerability Assessment and Penetration Testing (VAPT) must be performed periodically to identify cybersecurity gaps. Employees must be trained to identify phishing and other social engineering attempts.
3. 83 Million Impacted by Hack of American Bank
The bank failed to upgrade a server to support Two-Factor Authentication (2FA), which allowed threat actors to enter the bank’s network by stealing an employee’s credentials and then gain high-level access to more than 90 bank servers. The attack compromised some account information of 83 million households and small businesses.
The Lesson: All computing equipment and all networked equipment, including IoT devices and printers, must have all updates and upgrades installed as soon as they become available. Any security upgrades offered, such as 2FA, should be activated immediately to improve security. Password hygiene should be maintained to prevent credential compromise, and constantly updated endpoint security, like K7 Endpoint Security, must be deployed on all endpoints to identify and block credential-stealing keyloggers.
4. American Investment Bank’s Data Breached Through Attack On Vendor
A vulnerability in a legacy file-sharing product used by a vendor allowed cyberattackers to gain access to an unknown number of documents containing the bank’s customers’ addresses and Social Security numbers. The documents were encrypted but the threat actors were able to steal the decryption key.
The Lesson: Banks must insist on vendors implementing adequate cybersecurity measures to avoid such supply chain attacks, with the adequacy of measures determined by the degree of sensitivity of bank information the vendor can access. Vendors must upgrade legacy applications and devices to currently supported products where possible or secure them through solutions that are designed to protect legacy digital infrastructure. Decryption keys should be secured and access to such keys should be restricted to prevent compromise by threat actors.
Our blog on Cybersecuring the Supply Chain examines 6 steps required to avoid cyberattacks through 3rd parties. Our whitepaper on Guarding Legacy IT Assets provides an in-depth discussion on securing legacy infrastructure.
5. Polish Bank Computers Compromised Through Hack of Banking Regulator Website
Threat actors hacked the website of the Polish Financial Supervision Authority, which can be expected to be visited frequently by bank employees using computers that are within a bank’s IT perimeter. Malicious code was hosted on the compromised website to redirect visitors to a specific exploit kit and download malware that gathered information about the banks’ computer systems.
The Lesson: All bank endpoints should be protected with endpoint protection, such as K7 Endpoint Security, that will block malicious websites and block drive-by downloads from compromised websites. The bank’s network should also be protected by K7 Unified Threat Management that provides gateway-level malware protection.
6. Data Breach of 100 Million Credit Card Applications and Accounts at American Bank Holding Company
A misconfigured web application firewall allowed a former employee of the bank’s cloud hosting provider to break into the bank’s server and gain access to the personal information of 100 million people in the USA and 6 million people in Canada. The company is expected to incur up to $150 million in response and remediation costs.
The Lesson: All security solutions should be correctly configured to prevent opportunistic hackers from compromising the bank’s IT assets. Cybersecurity solutions that are known to be easy to configure, such as K7 Endpoint Security, should be deployed to avoid misconfiguration due to complexity. Vulnerability Assessment and Penetration Testing (VAPT) must also be performed to identify and seal any potential points of entry for threat actors.
7. Whaling Attack on the President of a Major Regional Central Bank
Threat actors impersonated the leader of a country with one of the world’s largest economies to approach the president of the European Central Bank in an attempt to persuade her to share the authentication code that would allow them to open a WhatsApp account linked to her phone number.
The Lesson: Bank leaders have access to significant resources, exercise critical decision-making power, and are individuals of influence, making them the target of highly customised attacks by threat actors. Their official devices should be secured with endpoint security like K7 Endpoint Security and their personal devices should be secured with robust consumer antivirus like K7 Ultimate Security. Leaders should also be made aware of the threats they face and encouraged to practise cyber hygiene at all times in their professional and personal lives.
Our blog Cyberattacks On CEOs – Risk Management For Leaders discusses 5 critical measures that must be implemented to manage the risk of attacks against leaders.
Bank cybersecurity is under a spotlight as the world increasingly depends on digital transactions. New Zealand’s Reserve Bank now includes a cyberattack in its solvency stress test, and other nations can be expected to take a closer look at their banks’ ability to defend themselves against cyberthreats.
K7 Security has extensive experience in protecting banks against cyberattacks. Read our case study on how we protect a state-wide co-operative bank with 2,000+ employees and 50,00,000+ customers, or contact us to learn more about how we can help you protect your bank’s operations with our cybersecurity solutions and services.