According to Gnana Prakash Masilamani, Post-Sales Leader at Cyberbit, banks should have a very good Last Line of Defense with EDR solutions to protect their endpoints, as these endpoints are the weakest link in the network and very easy to compromise.
What are some of the top cyber threats Indian banks face? How are they different from other foreign banks? What are some of the high-profile attacks both in India and abroad?
The increasing number and complexity of cyberattacks today highlights the need for financial institutions to strengthen their information security and cyber resilience. The repercussions of a cyberattack are often far-reaching in the banking sector due to several factors such as customer data privacy, loss of reputation, business continuity, and regulatory actions alongside others. The biggest challenge, perhaps, is that attackers are simultaneously becoming more sophisticated. They are leveraging radical attack vectors and ultramodern technologies to penetrate deeper into a bank’s network.
It is also important to note that the major difference on the cybersecurity front between Indian and foreign banks is the volume of transactions. Indian banks are relatively big not just in terms of turnover but also in terms of the number of customers they deal with. On average, any small-size bank in India will have more than 1000 branch offices, and the largest bank’s count might cross 24,000. All devices in the individual branch offices will connect back to the back-end systems. So, if there is any unresolved vulnerability, it increases the cyber risk of Indian banks manifold. Some of the high-profile attacks in India and abroad include the Bangladesh Bank Heist of 2016, which used SWIFT credentials, the Bank of Mauritius’ Mumbai branch hack that took place in late 2018, and 2018’s Cosmos Bank heist, which used a proxy switch system and cloning of bank cards.
How ready are Indian banks to counter financial cyberattacks?
Today, most of the banks in India are allocating a sizeable budget to deploy the best security solutions to fight against sophisticated cyberattacks. Even though Indian banks are very serious about their cybersecurity, there are multiple challenges technology leaders from the financial sector must address. According to Mr. Gulshan Rai, National Cybersecurity Coordinator at the National State Council, banks are most vulnerable to cyber threats and the Indian banking system needs to prepare itself to mitigate the associated risks. He also mentioned that nearly 22% of the attacks which took place in the country were on the banking sector, and these attacks are becoming more complex day by day, especially with the adoption of digital technologies in the business.
My recommendation is that banks should have a very good LoD (Last Line of Defense) with EDR solutions to protect their endpoints. Endpoints are the weakest link in the network and very easy to compromise. Further, cybersecurity compliance is a must for banks as they are dealing with multi-layered cyber risks. Merely deploying a security solution will not help them fight against cyberattacks. These tools must also be configured with the right policies and procedures in order to detect even the smallest anomaly within the network or in a user’s behaviour. Sophisticated solutions such as EDR, which incorporate capabilities like continuous monitoring, behavioural analytics and machine learning, allow for more precise identification while keeping the occurrence of false positives to a minimum. The skillset and collaboration of the in-house SOC (Security Operations Center) team must also be enhanced using the right approaches, like simulated training.
What are some preventive technologies and how easy is it for financial institutions to implement these solutions?
Prevention is nothing but identifying the vulnerabilities and mitigating them before the attacker takes advantage. There are several promising technologies in the market to identify the vulnerabilities in the network, applications, servers, etc. FIs can use vulnerability management tools, application security scanning tools, NGFWs with pre-defined and advanced techniques having prevention capabilities, and so on. These technologies are easy to implement, but the crux is that enterprises are transforming their security spending strategy, moving away from prevention-only approaches to focus more on detection and response, as also indicated by a Gartner study.
That’s why endpoint detection and response is getting traction amongst security leaders. On the endpoint layer, it is always better to go beyond traditional signature- or IOC-based prevention. Banks should have powerful EDR solutions to proactively analyze all the malicious activities and files which are trying to tamper with the network. It must also identify their behaviours and prevent them from executing. Furthermore, EDR lowers the analyst entry level by automatically providing valuable insights that give first-tier analysts a deeper understanding of the threat. EDR also incorporates forensics and investigation capabilities to provide analysts with great visibility throughout their networks and supports investigation as well as analysis processes. Therefore, it automates a majority of an analyst’s work, allowing teams to save time and quickly identify the entire threat lifecycle.
Can IoT devices ever be part of the bank-financial ecosystem or are they too much of a security risk?
To begin with, we are heading towards an intensely digital future. IoT devices have already started playing a major role in the financial ecosystem. How many of us remember going to the bank recently for some money transaction? The financial sector has started adopting IoT technologies in various areas as well, including account management, leasing, smart collaterals, digital customer on-boarding, etc. The IoT infrastructure not only helps financial organizations provide a better experience to their customers, but it also helps in understanding economic trends and customer preferences by collecting first-hand data. This data, in turn, helps them to improve their service on a regular basis. Of course, IoT brings in a lot of security risks. Financial institutions must have the best cybersecurity protocol and security training in place to tackle this.
What role will AI-ML play in future banking operations? Will they thwart cyberattacks or lead to further complications?
Well, AI technology, or rather its subset Machine Learning, is definitely a boon for banking operations. However, the technology is still in its embryonic stage and its true potential is far from being tapped. Many banks are still talking about it and trying to understand the benefits in terms of ROI. This will definitely help them in making major decisions such as how to better manage credit, mitigate risks, fraud management, etc. Similarly, AI adds considerable value in security processes as well. With these kinds of advanced technologies, the bank will be able to identify even some threats which might not otherwise get detected by conventional tools in the network. Soon, machine learning algorithms built on various cybersecurity technologies will be able to detect various slow and tricky attacks like malware beaconing, watering hole, Advanced Persistent Threat, and so on.
AI will be a critical technology for organizations to stay ahead of the curve in the cybersecurity domain, managing the large number of alerts which SIEM generates or detects through behavioural analytics. But Artificial Intelligence can be utilized in a more efficient way if there are better-skilled professionals to handle it. SOAR streamlines security operations by integrating multiple tools in a single screen and automating incident response playbooks. This effectively decreases the time-to-respond by up to 90% while also tripling the capacity of a SOC. Another great use case of AI is supervised learning, by which systems learn to detect threats by making judgments based on the data fed to them. Organizations should, ideally, implement a combination of detection and response tools alongside AI and ML capabilities to have the upper hand. Tools such as AI-based EDR (Endpoint Detection and Response) are proving themselves to be a game-changer since they are able to detect even the attacks which bypass conventional cybersecurity tools. Therefore, AI will bring more opportunities, provided enterprises adopt AI-coupled tools.
Tell us something about Hawkeye Malware.
The only way to safeguard against Hawkeye malware is to use behavioural analysis alongside AI, as this malware leverages a file-less approach. So, being a file-less attack, it often evades signature-based detection products. Hawkeye works by using key logging on the target endpoint and uses a tool, which is contained in an encrypted resource section of the binary, to extract sensitive login data from web browsers. First, the malware attempts to schedule a Windows task so it will execute each time the user logs in, which is a persistence approach. This is a file-less approach intended to reduce the malware’s footprint. Cyberbit EDR was able to detect, analyze, and visualize extensive use of evasive processes and file-less, memory-based techniques. Our EDR also allows the analyst to fetch the memory dump of the process to analyze the injected executable using third-party tools.
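The persistence step described above (a scheduled task that fires at user logon) leaves a trace a SOC can hunt for: Windows Security event 4698 ("A scheduled task was created") carries the task's definition XML in its TaskContent field. The following added example, which is not Cyberbit's code or part of the interview, scores such task XML for a logon trigger combined with a command launched from a user-writable location; the two task documents and the path markers are constructed for illustration.

```python
"""Triage scheduled-task XML (as found in Security event 4698 TaskContent)
for the logon-triggered persistence pattern attributed to Hawkeye.
Added example; heuristic only, not Cyberbit EDR logic."""
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Constructed list of path fragments a benign logon task rarely launches from.
USER_WRITABLE_MARKERS = ("appdata", "\\temp\\", "\\users\\public\\", "\\programdata\\")

def assess_task(task_xml: str) -> dict:
    """Return the indicators found in one task definition."""
    root = ET.fromstring(task_xml)
    logon = root.find("t:Triggers/t:LogonTrigger", NS) is not None
    commands = [(e.text or "") for e in root.findall("t:Actions/t:Exec/t:Command", NS)]
    from_user_path = any(m in c.lower() for c in commands for m in USER_WRITABLE_MARKERS)
    hidden = root.findtext("t:Settings/t:Hidden", default="false", namespaces=NS).lower() == "true"
    return {
        "logon_trigger": logon,
        "user_writable_path": from_user_path,
        "hidden": hidden,
        "commands": commands,
        # Flag only the combination; a logon trigger alone is common for benign software.
        "suspicious": logon and from_user_path,
    }

def triage(tasks: dict) -> list:
    """Map task name -> XML; return names of tasks worth an analyst's attention."""
    return [name for name, xml in tasks.items() if assess_task(xml)["suspicious"]]

# Constructed sample: logon-triggered, hidden, launching from a roaming profile.
SUSPICIOUS_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>C:\\Users\\alice\\AppData\\Roaming\\updater.exe</Command></Exec></Actions>
</Task>"""

# Constructed sample: daily task run from Program Files, as installed software does.
BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2019-01-01T09:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>C:\\Program Files\\Vendor\\backup.exe</Command></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(triage({"updater": SUSPICIOUS_TASK, "backup": BENIGN_TASK}))
```

On a live host the same function can be fed the TaskContent of each 4698 event from the Security log, or the XML files under the Tasks folder of the Windows directory, to review persistence already in place.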