Kaymera Blog

Industry Focus: Mobile Security for Banking

Written by Maryna Gaidak | Mar 23, 2021 11:36:00 AM

Technology has played a key role in the creation of a sustainable work environment. The banking sector has been at the forefront in the uptake and installation of new information systems and technologies aimed at streamlining their business operation as well as creating strong brands. The new technologies range from the installation of automated teller machines (ATM), an electronic banking technology that allows customers to perform a self-service transaction that includes, deposit, withdrawal, payments of bills, and transfer of funds (Kagan, 2020). Electronic data management systems have also experienced an upsurge in the corporate world as many companies are shifting to the installation of electronic resource planning system (ERP).  

Cybercrime in corporate world

The increase in technology uptake in the corporate world has led to an increase in cybercrime. The new technologies have revolutionized not only the way organizations such as banks operate but also created a new generation of criminals that makes use of the technology to terrorize organizations such as banks.

When talking about mobile security for banking and cybercrime in the corporate world some of the major concerns among banks include distributed denial of service attacks that causes distraction and allows perpetrators to defraud banking channels. The banking sector also faces threats from ransomware attacks, malware, and insider threats that are designed to infiltrate into the information system and cause considerable damage. 

The following is a pictorial representation of how a cyberattack gets done.

Source: The Effect of Cyberattacks on the Banking Industry (Wallstreet, 2019)

 

As cyberattacks increase banks are at risk

 

The Federal Reserve Bank (New York) published a report in January 2020 that linked the increased number of cyberattacks to the interconnectivity of financial institutions. The report further claims that a cyberattack on any of the top five active banks in the US has the probability of affecting 38% of the network.

The report further found that an attack on six small banks with a total asset of less than $10 billion has the potential of threatening the insolvency of the top five banks in the US (Kuepper, 2020).

Banks in the United States are also more at risk of being attacked with cyberattacks emanating from China, Russia, and North Korea. Hacking that is sponsored by the state is among the biggest threat to the financial sector due to the resources that the state can bring and the crease of the magnitude of the attack. 

How safe are bank clients all over the world?

Consumers are less likely to sustain high damage and injury due to cyberattacks on financial institutions given that they have kept their information safe and have notified the banks in case they notice that funds are missing in their accounts (Kuepper, 2020).

The United States Federal Law holds that financial institutions should refund their clients in an event that someone takes money out of their account without the owner's permission and authorization and they notify the bank within 60 days of the transaction. Financial institutions on the other hand are less assured and protected with the federal law thus they stand to experience a great loss due to a cyberattack (Kuepper, 2020).

Cyberattack has become more of a concerning topic for the financial institution because unlike the consumer the banks would hardly recover any losses in case of a cyberattack. The following is a summary of the most recent cyberattacks involving financial institutions.

European Central Bank Technical Glitch

On 23rd October 2020, there was a software defect that led to a technical glitch in the European central bank system. The glitch affected the payment systems and led the bank to lose an amount exceeding EUR 400 billion deposits. The glitch lasted for approximately 11 hours under which deposits could not be processed.

 

The bank released a report whereby they acknowledge that the glitch was caused by a technical issue on TARGET 2. The issue made it difficult for banks and the central bank to check account balances and process transactions. Target 2 is said to be responsible for the facilitation of more than 2 billion euros transactions per minute (Paypers, 2020). On 23 October the application was subject to an attack that derailed the provision of a transaction for at least 11 hours.

Hungarian Banks DDoS Attack

The Hungarian banking sector and telecommunication service came under a distributed denial-of-service attack on 23rd September 2020. The attacks are believed to have originated from servers in Russia, Vietnam, and China as reported by Magyar Telekom. The attackers aimed at flooding the network with a tremendous amount of data traffic that would ultimately paralyze the system.

The attack led to disruption on the services of some of the financial service providers in the country. One bank, Hungarian Bank OTPB Bank, confirmed that it was among the financial institution that had been affected by the DDoS attack. The banks were able to fight off the attack in collaboration with the telecommunication company that had experienced the same type of attack.

Argenta ATM Attack

On 13th July 2020, a Belgian savings bank, Argenta fell victim to cybercrime and had to shut down 143 cash machines due to the attack. The report was filed by the bank itself although they did not disclose the amount of money that was lost due to the attack. It is believed that the attackers used a technique well known a jackpotting to get control of the cash machines. The attack led to the temporary closure of the banks.

Jackpotting works by infecting an ATM with malware either through online hacking or by physically installing the malware using a USB device. The malware mimics the slot machines leading it to release cash.  Jackpotting has gained popularity in the past among banks in Europe and Asia and in 2018 the menace was discovered in the United States of America (USA) (Nixdorf, 2020). The bank noted that the device had prevailed and decided to upgrade their systems and also shut down the affected 143 machines.

Monte de Paschi Bank Attack

Monte de Paschi Bank, an Italian bank has also been hit by a cyberattack. Through a notice to its client, it was noted that the bank had come under attack from cybercriminals who had attacked some of the bank's employee's mailboxes (Pymnts, 2020). The bank did not disclose the amount of data lost if there was any. This attack, however, summarizes the increase in the number of cyberattacks, especially during this pandemic period.

With governments initiating lockdowns hackers have found a crime haven where they pretend to be bank officials and extort information out of people. Banks like Monte de Paschi was a target of a phishing attack. Where innocent people ad employees of banking institutions are sent emails purporting to be someone they are not.

Australian Banks DDoS Extortion

A group claiming to be the silence that is a Russian advanced persistent threat (APT) threaten to launch a DDoS attack on Australian banks unless they get paid the ransom. The group has in the recent past been targeting banks and has been searched for by the Singaporean cybersecurity company-IB. the group is said to have expanded its geographical operations and its rate of attacks. It has also been established that the group uses phishing emails to infect innocent’s parties.

5 steps to prevent cyberattacks in financial institutions

 

  1. Creation of a secure and sophisticated password-protected hardware that is backed up by a 2- way authentication. When it comes to securing your institution from cyberattacks all the small and little effort play a big role in ensuring that the organization has the top-notch level of protection against possible intrusion by criminals.

    One important way in ensuring that the hardware systems such as the computers and machines are password protected and there is a mandatory period that allows the users to change their password.

    Creating a strong password and constantly changing the password prevents intrusion into the organization's social engineering and low-level hacks. Financial should ensure that all of its hardware is password protected with a two-way authentication system.

  2. Safeguarding the hardware of the company. A recent survey by IDC has noted that a great number of data breaches and cyberattacks sustained by financial institutions are a result of stolen data and information gets to the hands of hackers (Goud, 2021).

    For example, when an employee says working in research and development misplaces his or her laptop and the machines are found by a hacker who may cause data breaches. It is therefore important for a financial institution to create some protective measure that will allow the firm to hedge itself against any cyberattack that has been occasioned by the data breaches caused by sensitive data being found by hackers.

    The institution should create a cloud data storage that will ensure that sensitive data and information do not get lost and also the cloud feature should be adequately protected.

  3. Offering employee education on cyberattacks and training on ways that will help the firm to mitigate cyberattacks. In more than one occurrence we have witnessed employees being targeted by hackers through social engineering hacking techniques. Financial institutions should therefore embark on a mission of sensitizing their employees about the risks that are for example associated with using the unsecured network to access work-related information and data.

    Employees should also be warned about accessing unsecured websites and should shun sharing sensitive data and information on social media platforms. Password should also be restricted to only be used by the assigned party.

  4. Investing in cybersecurity insurance. The sophistication of technology has also led to cybercriminals becoming more zealous and sophisticated. Thus even the most advanced cyber network can be infiltrated by hackers.

    At the moment when even the most secure network falls victim to the more sophisticated cyber criminals, it is the cybersecurity insurance that will help in offsetting the impact of the cyberattack. Cybersecurity allows financial institutions to recover the monetary loss suffered due to cyberattacks and also in recovering lost data.

  5. Adopting advnaced communications security solutions. Banks and corporations worldwide use all kinds of detection and prevention systems and softwares, however, with cybercriminals becoming e4extremely advanced in their techniques, these solutions are not enough anymore. Implementing multi-layer security model is the real way out. MDMs and antiviruses cover only one side of the problem, while secure communications solutions should be used by these organizations despite all the existent tool to ensure an effective and  comprehensive threat detection and protection model.