August 15, 2016
Banks and other institutions are facing an era of mega cyber heists, according to the lastest findings by threat researchers in the financial sector.
Elite cyber criminal groups are investing heavily in penetrating high-value payment platforms, high-value corporate and banking networks, and payment processes such as Swift.
The theft of up to $1bn from financial institutions worldwide by the Carbanak criminal gang, uncovered in February 2015, was considered by many as marking the start of a new phase in the evolution of cyber crime.
“Hackers targeting financial institutions are much more professional than they used to be,” said Troels Oerting, group chief security and information security officer at Barclays and former head of Europol’s European Cybercrime Centre (EC3).
“They take their time, they look at the processes, they have good resources, they are very adaptive, and they are more dedicated to going after bigger prizes rather than going after easier targets with smaller prizes,” he told Computer Weekly.
These elite groups typically use social engineering and invest a lot of time in identifying who in a bank has privileged access to payment platforms to target them exclusively to steal their login credentials.
As part of this process, elite criminals are using high-tech tools such for big data analysis and social mining, said Oerting, unfettered by the privacy regulations that defenders have to work within.
This means that if cyber criminals can get some credit card data through one data breach, they can use these tools to search and analyse social media and other sources to fill in the missing details.
“In this way, they can add things like date of birth, maiden name, address, pet names and other personal data to build up complete personal data sets for individuals,” he said.