Digital assets are anything that is available in binary form, as well as the rights to use it. Digital assets are frequently used to refer to digital documents, audio recordings, motion images, and other pertinent data. Logos, pictures, films, ads, animations, media, and electronic mail are examples of digital assets. If digital assets bring value to an organization, they are valued. Yet, despite their critical relevance, banks confront an ever-increasing threat from malicious people (Kshetri, 2010).
Websites, ads, social media platforms, and applications are some of the digital assets of banks that are vulnerable to malicious threats. It is the consideration that the digital assets are not within the organization’s firewall thereby raising the risk exposure. What is more, the banks rely heavily on third party code to power track, analyze and serve the organization’s advertisement plus assisting in retargeting. All this provide additional attacks vectors and loopholes which could serve as beneficial to mischievous users.
How they Pursue their Targets
Cyber criminals are certainly exceptional and very sophisticated individuals considering how they carry out their operations. They are always innovating superior ways that would shield them from detection and notice while engaging in their activities. Concerning that, they have taken advantage of some of the most cunning ways in pursuit of their targets.
One of the strategies is the social engineering exploits that they heavily rely on. The hackers can deceive officials working in financial institutions by sending them impersonated emails. In the emails, they ensure they have put in place a verification procedure that lures employees into providing their personal details thinking it is a legitimate source. Afterward, with those credential and log-in details, they can maneuver in their ways and fulfill their motives as per their plans of action (Choo, 2011).
The other way that they pursue their targets is by the use of malware. It is a piece of malicious software that can spy on an organization's systems. Additionally, it captures all relevant details associated with logging into the system. The hackers then acquire in-depth procedures and operations of the firm's activities thereby enabling them to launch successful attacks (Choo, 2011).
Their Means, Methods, and Motives
Considering the attacks carried out in financial institutions, there are quite some issues that lie beneath. The matter needs to be properly examined to uncover the means and methods used by the hackers to carry out their operations additionally what drives them to engage in such unlawful acts. It would be the only way in which the matter could be laid to rest and perhaps curbed to avoid it becoming a significant threat in the future.
The hackers are integrating various means and methods in their operations. Among them is the use of malicious software that can infiltrate into institutions networks and systems (Kshetri, 2010). The aftermath of such attacks is the tracking and mapping of the firm's operation which uncovers their secret information that could expose them to vulnerabilities among other attacks.
The other method hackers are integrating into their activities is phishing. In such instances, they trick financial institution officials into submitting their system credentials and log in details through impersonating as executives (Kshetri, 2010). When such an activity becomes a reality, they use the information to undertake false transactions in disguise of the officials leading to financial loss of the organization. The information is also subject to third party individuals, and it could be sensitive. Releasing it could amount to damaging of the company or ruining its business. Thereby, they use the messages as weapons to arm twist the financial institutions into meeting their demands.
There are numerous motives guiding hackers in quest of their activities. Notably, they are targeting financial institutions more than any other industry. Among the reason that could get attributed to this turn of events is the financial motive (Kshetri, 2010). An increase in the use of technology in the financial sector has tremendously increased the number of transactions taking place. The situation has, therefore, caught the attention of cyber criminals who are gearing themselves towards profiting from the turn of events and achieving their personal goals. Another reason related to the profit motive is that hackers quickly noticed the existence of many loopholes in the systems that could serve as potential target tools. It is due to the weak security mechanism in place hence driving their ambitions towards the need of benefitting from the circumstance.
The other motive for such activities could be political reasons. Technological advancements have led to the rise of a new phenomenon known as cyber warfare (Von Solms & Van Niekerk, 2013). Young and smart tech savvy individuals are getting recruited and financed to carry out attacks on other countries (Williams, 2001). Besides that, competition and business rivalry are making the matter worse as enterprises gear themselves towards gaining a larger market share hence employing all means possible to achieve their objectives. The hackers could also be politically motivated on their personal level and using such attacks to voice out various concerns that bother them.
Actual Attacks that have occurred in other Banks
During 2013 in Kiev, an ATM of a particular bank began dispensing money randomly. In what rather seemed ambiguous was that no one had inserted a card into it or interfered with the system. There were camera footages showing customers present at that time picking up money at the location where the ATM got targeted. The scenario presented another instance of the hacking menace in the financial industry. Reports indicated that the bank system used by employees for bookkeeping had got infected by malware and that gave access to hackers who could record all the moves and processes (Von Solms & Van Niekerk, 2013). The software was in place for quite some time and could send the cyber criminals video images and feeds of the bank's daily operations and procedures. The criminals would, in turn, impersonate the bank officials allowing them to activate various cash machines. In addition to that, they would transfer millions of dollars in overseas accounts located in Switzerland, USA, and Europe among other locations in different regions. The operation was on a broad scale and targeted numerous banks.
Another example of a similar theft took place in Bangladesh Central Bank where close to $101 million got anonymously lost. The event took place via the bank’s account at the New York Federal Reserve Bank which the incident got traced to the penetration of SWIFT’S Alliances Access Software. The penetration of the system wasn’t the first attempt as there were numerous previous efforts. In a twist of events even before the matter could calm down, another hacking case hit the Commercial Bank of Vietnam. Both attacks were similar in that the systems got affected by malware that gave access to the SWIFT software enabling hiding of sent messages. The malware would send messages of theft of funds and later on got rid of the transfer records in the database and progressed to prevent message confirmation exposing the issue (Von Solms & Van Niekerk, 2013). In the Bangladesh case, confirmation messages appearing in the reports got altered during the printing phase and also changing of PDF reports to conceal the details. Despite the two attacks, there was also an attack in Ecuador when Banco del Austro funds got transferred in a similar way to bank accounts located in Hong Kong.
Attack Patterns Used in Banks Previously
Over the past years, the financial world was taken by storm over major attacks on banks by cyber criminals. The massive loss of funds in the attacks raised the alarm and there was the need for banks to efficiently and effectively audit and monitor their systems regularly. It was with the sole purpose of uncovering suspicious activities that could be taking place or are about to take place. Regarding that, some common patterns were brought into light which hackers used to gain unauthorized access to the target systems and undertake their operations.
One would be targeting the digital infrastructure used by banks for weaknesses in them and then taking advantage of the loopholes that connect banks to the global SWIFT (The Society for Worldwide Interbank Financial Telecommunication). An example would be obtaining of valid credentials for SWIFT's software unlawfully. They would, in turn, use the information to initiate transactions by sending valid messages on behalf of the banks. If all that is undetected during the operations, the recipient would approve the services and facilitate cash transfers which would go to dummy accounts operated by the cybercriminals located overseas among other locations (Choo, 2011).
The other attack pattern is the use of malicious malware (Choo, 2011). The malware gets sent to the banking official and employees concealed in emails. In the event you download the email without detection, the system becomes susceptible to the infection. The infected system takes quite some time before the malware becomes visible. The situation poses a significant challenge in that the malware is now able to trace all operations and activities undertaken by the bank sending real-time details to the hackers. With such upper hand exploits, the criminals are now able to attack the target by mimicking the bank's officials, therefore, manipulating the systems according to their wishes on top of conducting successful raids.
Most Dangerous Topic that Got Discussion
The most critical issue could be on cyber security (Von Solms & Van Niekerk, 2013). It is because the issue is becoming more complex to comprehend, control and mitigate thereby exposing clients and organizations to the vulnerability of attacks. Hackers and other criminals are turning out to be more sophisticated and maintaining a lead in their activities which seems to be overstretching cyber security experts in their mitigation tactics and, therefore, making it difficult to predict their motives. Advanced technologies and methods to infiltrate systems are on the rise in addition to them getting organized and well financed criminal activities (Williams, 2001). It is hence posing an enormous threat which when not taken care of urgently could spill over and become a menace.
Well-Known Attacks that Need Preparation
Regarding hacking incidents, several attacks pose significant challenges to financial institutions. The attacks to some extent seem not much of primary concern for businesses but rather technology, however, the scope of the damages they could cause is immense. Therefore, there is the need for serious consideration in the cyber security issue to ensure the safety of digital assets among other related attacks.
Business email compromise is one of the attacks facing banks that require adequate preparation to ensure the security (Williams, 2001). In such a situation, an employee receives an email from an executive ordering the transfer of large sums of money. Since the employee is intent on following the orders, he approves the transactions, and the funds get transferred. However, the email is not from the executive but rather a cyber criminal impersonating the executive, therefore, leading to a massive financial risk for the institution.
Distributed Denial of Service (DDoS) is the other attack (Williams, 2001). In this situation, financial institution and other firms want unmatched popularity for their digital assets such as websites but not overwhelmingly that could lead to them crashing. Hackers take advantage of such situations and use DDoS attacks to send unnecessary traffic to the sites. Subsequently, the websites get overwhelmed and crash leading to temporary paralysis due to overloading. The criminals then demand a ransom to avoid similar attacks in future from their targets.
Malware is the other popular attack that requires thoughtful consideration. Malware that manages to get access to the system destroys and steal data on top of rendering the networks inoperable (Williams, 2001). In the event such an attack occurs, the firms and clients get exposed to possible financial loss. In most cases, the malware is downloaded accidentally when the user clicks links to credible sources but which are in fact malicious. Care should be in place since uncovering a malware infection is rather difficult.
The other widely known attack is phishing. Hackers impersonate legitimate enterprises and other institutions to trick employees into stealing their sensitive data such as passwords and credit card details (Williams, 2001). On getting such crucial information, they tend to cause havoc by exploiting the situation. They can also skim payment card details of clients among other electronic payment services and leave the customers helpless to serious financial ruin from the attackers.
The other prevalent attack is ransomware. Here, the hackers use a sophisticated malware that tends to restrict users access to their devices and network. They are then made to pay ransom to the attackers through digital currency to avert the situation and avoid future consequences (Williams, 2001).
References
Choo, K. K. R. (2011). Cyber threat landscape faced by financial and insurance industry. Trends and Issues in Crime and Criminal Justice, (408), 401-420.
Kshetri, N. (2010). The global cybercrime industry: Economic, institutional and strategic perspectives. Springer Science & Business Media.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Williams, P. (2001). Organized crime and cybercrime: Synergies, trends, and responses. Global Issues, 6(2), 22-26.