For financial institutions today, getting hacked is an omnipresent danger.
The Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit threat intelligence sharing group for the financial sector, estimates that its members report an average of 400 potential threats each day, many of them from cyber criminals attempting to penetrate financial systems to access an array of sensitive information.
Hackers use various methods and tools to perpetrate cyber attacks on financial institutions as well as other businesses. Here are five of the most common:
Business Email Compromise (BEC): An employee receives an email from a company executive requesting that he immediately wire a large amount of money overseas. The employee, intent on following the boss’s orders, executes the transfer right away…but there’s a problem. The emailed request didn’t come from the executive at all, but rather from a thief who managed to successfully impersonate the executive, either by hacking into her account or creating an email account that looks very similar to hers. BEC scammers stole nearly $215 million dollars around the world between October 2013 and Dec. 1, 2014, according to the FBI.
Distributed Denial of Service (DDoS): Banks and other financial institutions want their websites and networks to be popular, but not so popular that their systems are overwhelmed and can no longer serve their customers. Hackers use DDoS attacks to achieve such mayhem by using multiple—possibly thousands—of computers to send fake traffic to targeted websites, overloading them to the point of paralysis. The hackers may demand their targets pay a ransom to prevent future attacks, as the criminal group DD4BC infamously did when it attacked financial services firms in 2015.
Malware: Short for “malicious software,” malware downloaded onto computers and computer networks may destroy or steal data or render networks inoperable, leaving businesses and their customers vulnerable to major financial losses.Computers can often become infected with malware when users click on what appears to be a credible link or download what they believe to be a legitimate program. Late last month, for instance, hackers attempted to trick Internet users into clicking on a malware link disguised as an article about actor Brad Pitt. In many instances, unfortunately, users may not realize they have downloaded malware or only find out after the fact. Security experts recommend that those who suspect they’ve accidentally downloaded malware run anti-virus scans to identify and address malware problems.
Phishing: Why use back channels to steal sensitive information when you can trick your target into just handing it over? Through phishing, hackers impersonate legitimate businesses or government organizations over email to request data such as passwords and bank account numbers that they can use to access bank accounts or wreak other havoc. Hackers intending to pursue a BEC scam, for instance, may start by phishing an executive to gain access to her credential and later use them to trick her employees into transferring cash. Scammers can also use phishing emails to trick users into downloading malware.
Ransomware: Ransomware is a form of malware that seeks to restricts users’ access to their computers and computer networks until they, as the name implies, pay some sort of ransom—often through an electronic currency known as bitcoin—to the hackers behind the ransomware. One particularly aggressive form of ransomware, known as CryptoWall, was responsible for losses of more than $18 million between April 2014 and June 2015, the FBI reported.
How are financial institutions fending off cyber attacks? Learn about their collaborative efforts through the Financial Services Information Sharing and Analysis Center later this week at The Alert Investor