Cyberattacks on financial institutions – using digital transformation to widen the attack surface
Digital transformation opens a plethora of new attack vectors, be it remote employees working outside the security perimeter or third-party services abused in supply-chain attacks. According to Statista’s data, in 2022 there were 1,829 reported successful cybersecurity attacks in the financial industry worldwide (counting incidents concerning the institutions themselves, not attacks on the customers via phishing and other techniques), and 477 significant data breaches. And those are only the successful ones – the Banking Journal states that more than 60% of large financial institutions were targeted by different cyberattacks.
The types of attacks and the goals of the attackers differ – attacks ranged from attempts to steal data, through making the service inaccessible to clients, to luring money out of clients via spoofed websites or apps (this is called a “watering hole attack”). The Banking Journal states that 64% of institutions in the survey reported attempts to exploit vulnerabilities in their apps, 40% had been a target of attacks attempting to deploy ransomware, and around half were the target of an attack which aimed to steal sensitive data from the institution’s databases.
What can the institutions do to protect their data?
No single, all-encompassing protection can secure every vector. Given that financial institutions are highly desirable targets for hackers, it is vital to employ a combination of multiple protective layers.
While all financial institutions use endpoint protection (such as antivirus software), a firewall, and intrusion detection systems, it is crucial to add a layer which protects all of the devices at the network level, ideally one which is able to stop threats the standard solutions miss. This means finding protection against phishing, DNS tunnelling/DNS spoofing, attacks on various IoT devices in the network, and threats using human error as a vector, since people are the weakest link in any security perimeter.
Moreover, given the number of employees and processes within the institution, the protection should not add to the IT department’s workload, and ideally the rest of the staff should not even notice any change in how they use their devices, so that there is no need to train the employees or require them to do any installation and maintenance.
Ideal new layer for the next generation of threats – protection on the DNS level
Almost all malware needs to communicate with its authors at some point, be it a C&C botnet, ransomware, or a trojan sneaking into a client database. And over 95% of that contact has to go through a DNS resolver – that is where the malicious domains can be filtered out and the traffic directed at them blocked. The same goes for phishing and various scams which require the users to click on something or to enter their credentials; the secure DNS resolver simply cuts off the communication with the suspicious domain so that no harm is done. Moreover, thanks to DNS monitoring tools, the IT staff can be notified of any incoming attack the second it is blocked.
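To make the resolver-side decision concrete, here is an added example (not Whalebone's code, and not from the original article) of the checks a filtering resolver can apply to each queried name: a blocklist match on label boundaries, a DNS tunnelling heuristic, and an alert on IDN labels used in homograph phishing. The blocklist entries, thresholds, client addresses and query log are constructed assumptions.

```python
import math
from collections import Counter

# Constructed blocklist; a production resolver would load a threat-intel feed.
BLOCKLIST = {"malicious-c2.example", "login-bank.example"}

def labels(qname):
    return qname.rstrip(".").lower().split(".")

def is_blocklisted(qname):
    # Match the name or any parent domain on label boundaries, so
    # api.malicious-c2.example hits but notmalicious-c2.example does not.
    parts = labels(qname)
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def entropy(s):
    # Shannon entropy in bits per character.
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def looks_like_tunnel(qname, max_label=40, min_entropy=3.5):
    # Assumed thresholds: long, high-entropy labels suggest encoded payloads.
    return any(len(l) > max_label and entropy(l) >= min_entropy
               for l in labels(qname))

def has_idn_label(qname):
    # Punycode (xn--) labels are how homograph lookalikes appear on the wire.
    return any(l.startswith("xn--") for l in labels(qname))

def decide(qname):
    if is_blocklisted(qname):
        return ("BLOCK", "blocklisted domain")
    if looks_like_tunnel(qname):
        return ("BLOCK", "possible DNS tunnelling")
    if has_idn_label(qname):
        return ("ALERT", "IDN label, review for homograph")
    return ("ALLOW", "")

# Constructed query log: (client IP, queried name).
QUERIES = [
    ("10.0.0.5", "www.example.org"),
    ("10.0.0.7", "api.malicious-c2.example."),
    ("10.0.0.9", "0123456789abcdef" * 3 + ".t.example.net"),
    ("10.0.0.4", "xn--80ak6aa92e.example"),
]

def triage(queries):
    return [(client, name, *decide(name)) for client, name in queries]

if __name__ == "__main__":
    for row in triage(QUERIES):
        print(*row)
```

Each returned row pairs the client address with the verdict, which is the information a monitoring alert would carry to the IT staff.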
Secure DNS resolver with features ideal for financial institutions
For financial institutions, the ideal choice is the secure DNS resolver Whalebone Immunity, which after activation (usually taking 4–5 hours) instantly protects all of the devices in the network in all of the institution’s buildings with no need to install and maintain any software or to train the employees in any way. This also mitigates the risk posed by employees who have forgotten their security training and thus use shadow IT or click malicious links in homograph phishing messages.
Features which are especially important in the finance sector include protection for employees working from home or on business trips, where the networks are usually much less secure than the one on company premises. Monitoring and alerting on leaks of sensitive data – such as login credentials and passwords – is also included to make sure that attackers can’t abuse data leaked by third-party services (such as in the case of past leaks from LinkedIn, Canva or Adobe databases, where users often use company credentials to log in).
It is readily integrable with DNS FW & network segmentation, SIEM/Log management, Office365 & MS Azure, endpoint, anomaly detection, DHCP and takes care of DNSSEC — SMTP and HTTP/HTTPS communication.
As a neat extra feature, Immunity offers content filtering options which enable the company to make sure that the work environment is as safe, effective, and work-appropriate as possible.