The threat news of the week is about MoneyTaker – a cybercrime group apparently responsible for the theft of over $10M from 18 banks in the US and Russia. If you’ve read any of the online accounts, it’s easy to be overwhelmed by the details and the growing sophistication of cybercrime groups. While it’s important not to downplay their fierceness and the growing risks associated with advanced persistent threats, it’s also important to focus on the relatively simple capability organizations can embrace to combat them.
In 2016, the wire transfer fraud attack on Bangladesh Bank commanded huge headlines and resulted in cyber criminals stealing a whopping $81 million. It could have been worse; the massive “take” was interrupted not by IT security technologies, but by human vigilance. A watchful employee saw a spelling error in a transfer message and alerted an investigation team.
Cybersecurity is in the headlines as never before, commanding greater executive attention. As the need for cybersecurity solutions has grown, record numbers of new technologies have emerged to fill the demand. But despite growing cyber spending, budgets for most organizations are finite—and so are the human resources to support and maintain the vast range of security tools they already own. It’s therefore essential to carefully scrutinize vendor offerings before signing on the dotted line.
Growing awareness of illusive networks' Deceptions Everywhere™ technology recently led SANS Fellow Dr. Eric Cole to test our solution. Not only did he aim to successfully deceive an attacker, he also evaluated illusive’s scalability, manageability, and believability. The results of his (unsuccessful) efforts to attack a network and escape detection are contained in a new SANS Product Review - Deception Matters: Slowing the Adversary with illusive networks.
On February 29, 2017 illusive networks received a customer alert and initiated forensic analysis after malicious activity was detected on a certain endpoint in the network. Our Deception Management System identified the malicious activity as Spora, a variant of ransomware which, like Locky, silently encrypts files with selected extensions and then attempts to redeploy itself on additional hosts via elevated privileges. However, with Deceptions Everywhere deployed, illusive networks diverted the ransomware from encrypting files on the original host - redirecting the encryption process to deceptive files - and, more importantly, thwarted the encryption of files located on the company's network shares.
Cyber criminals are coordinating advanced attacks on banks and financial institutions. If funds and customer information are stolen, it could compromise your institution’s reputation for years.
Recently, these increasingly sophisticated attackers have turned their attention to wire transfer networks. The February 2016 attack on Bangladesh Bank revealed a sobering truth: the weaknesses in one bank’s cyber defenses compromise the security of all banks in that bank’s wire transfer network.
Do you have protections in place for when cyber criminals get past your firewall?