banking

Turkish Bank Launches Blockchain Platform for Digital Gold Transfers

Turkey’s Takasbank announced the release of its blockchain-based gold-backed transfer system Dec. 30th. Developed by the Istanbul Clearing, Settlement and Custody Bank, the BiGA Digital Gold trading platform provides banks with a blockchain-based system for the issuance, repayment, and transfer of digitized gold.

Top 5 Cyber Threats Facing Banks in 2020

With all the cyber threats that exist today, banks are more vulnerable than ever to becoming the next victim of a malicious cyberattack. With the growing list of fintech solutions offered in banking and the most recent Cloud Hopper investigation released by WSJ, 2019 was an early indicator of cyberthreats still to come in the year ahead.

According to a new report released by the Federal Reserve Bank of New York, just a single cyberattack targeting one of the largest U.S. banks would likely have a major ripple effect on the global financial system. Even today, with a growing awareness of the cyber-risks involved in a banking sector driven by technology, there’s a greater risk facing banks than ever before.

With all this in mind, here are the top five cyber risks every financial institution should be prepared to defend against in 2020.

1. Credential Stuffing

Credential stuffing is a type of cyberattack that usually targets the personal data of banking customers. Using stolen account credentials, hackers can gain unauthorized access to user accounts using automated large-scale login requests. The stolen information can then be used to bombard websites and servers in order to try to gain access to critical IT infrastructure. This practice is known as credential stuffing.

List of keys and logins are often obtained via the dark web and allows hackers to save lots of time by avoiding the need to play the password guessing game.

“There is an automated process where the hacker can log thousands to millions of breached passwords and usernames using standard web automation tools,” says Brian Brannon, VP of security product strategy for Safe Systems, an IT security firm that works with community and small banks.

Credential stuffing differs from a brute force attack because in credential stuffing operations attackers are often using usernames and passwords that are known to have been good at some point or another. For banks, credential stuffing is an emerging and credible threat that will only get worse as the number of data breaches increases.

2. Cloud Providers

Cloud services come in very useful by helping banks offset IT expenses, boost system uptime and ensure their data is being stored safely. But the promises of the cloud have come with a few hard-earned lessons when it comes to customer data and security.

With so much information stored on the cloud, particularly for the use of public services, cloud providers have become easy targets for malicious attackers looking to gain access to financial institutions. To get a clearer picture of the problem, consider that over 1.4 billion records were lost to data breaches in March 2017 alone –– many of which involved cloud servers.

With the Wall Street Journal’s recent release of their investigation into the global hacking campaign known only as ‘Cloud Hopper,’ the true depth of the risks associated with compromised cloud data couldn’t be more evident, or alarming.

For the Cloud Hopper attack, hackers known as APT10 gained access to cloud service providers, where companies believed their data was being safely stored and protected. Once in, the hackers freely and anonymously hopped from client to client, evading investigator’s attempts to eliminate them for years.

According to WSJ, the attack went far beyond the 14 companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc., Tieto Oyj, and International Business Machines Corp.

To make things worse, investigators said many major cloud companies stonewalled clients as to what was happening inside their networks. Contrary to what many bank executives might think, the sole responsibility for protecting corporate data in the cloud lies with the cloud customer, not the service provider. Hence, no cloud provider is legally or contractually obligated to ensure the safety of customer data –– as much as they may promise to do so.

3. Phishing Attacks

Phishing is a common type of cyberattack that’s often used to steal user data, including login credentials and credit card numbers. But lately, there’s been an increase in phishing attacks targeting bank employees. Phishing occurs when an attacker tricks an unsuspecting victim into opening a malicious link, leading to an installation of malware which then freezes the system as part of a ransomware attack.

An attack can have devastating results on a business –– especially a financial institution like a bank. Phishing can be used to gain a foothold in a network as a part of a larger attack like an advanced persistent threat (APT) event. In this scenario, an employee is compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

With access to an employee’s email account, cybercriminals can read a bank’s sensitive information, send emails on the bank’s behalf, hack into the employee’s bank accounts, and gain access to internal documents and customer financial information. This can result in millions of dollars worth of damage in both financial and reputational risks for the institution and its employees.

4. Ransomware

Ransomware is a type of malware that encrypts data, making it impossible for the owners of that data to access it unless they pay a hefty fee. In March 2017, the WannaCry virus spread independently through the networks of unpatched Microsoft Windows devices, leaving thousands of computers infected and making off with a total of 327 payments totaling $130,700.

Although ransomware has costs businesses more than $75 billion per year in damages (Datto), ransomware still remains one of the most common forms of cyberattack. Banks remain top targets for ransomware attacks, as cybercriminals follow the money for big payoffs. According to a Kapersky Labs report, cybersecurity statistics show attacks were launched from within more than 190 countries, with financial services the second most targeted industry after healthcare.

Successful ransomware attacks, especially on smaller banks, are the result of a lack of IT resources, outdated security tech and protocols, and inadequate endpoint cyber-protection. To help protect themselves against ransomware, financial institutions should place many uniquely-tailored protection layers throughout their networks –– each one acting as an obstacle to block malicious software attacks.

5. Internet of Things (IoT) Exploitation

While a majority of exploitation attempts stem from software vulnerabilities, they can just as easily begin from vulnerable pieces of hardware. Anything from an employee device to a router connected to an unsecured network can put an entire organization’s digital infrastructure at risk

For many CISOs, this may sound like preaching to the choir –– but unbeknownst to many is how easily exploitable their IoT devices are since they’re often not required to have the same level of security scrutiny as computers. Unsecured IoT devices, such as, home routers, printers, and IP cameras are all vulnerable to attack. 

As institutions continue to connect more gadgetry to the internet, the number of potential security weaknesses on their networks are also more likely to increase. To breach a financial institution, attackers will target insecure devices to create a pathway to other systems. Once they have an entryway from an IoT device, they have full access to the entire network, including all customer data. 

Today’s hackers also have the unfavorable ability to easily exploit a bank’s API system since many legacy APIs weren’t designed with the cloud in mind. This leaves many systems vulnerable from the get-go –– and open banking has just been making the problem worse.

What Banks Can Do

If after reading this article, you’re starting to doubt the security of your organization’s IT structure, know you’re not alone. Here are just a few methods you can adopt in order to create a more safe and secure digital landscape and defend against potential cyberthreats.

1. Assess Your Cloud Security

Regularly review your cloud infrastructure to ensure it’s up to date. Assess your cloud security’s current state compared to security benchmarks, best practices and compliance standards.

2. Monitor Your Cloud Security

Use a vulnerability management tool to help you automate threat detection and protect against potential threats before they become a problem.

3. Establish Strict Access Management Policies

By only providing access permissions to employees who require it, you’re ensuring your organization is well-protected from within –– especially if you employ contractors or part-time workers.

4. Establish a Disaster Recovery Plan

Having a plan in place helps you avoid data loss and allows your to minimize downtime after a disruption. This only works if you backup your data regularly and often.

5. Encrypt Your Data

Encrypting your data cryptographically, and protecting the cryptographic keys to that kingdom, ensures your most sensitive digital assets are always protected –– even if your IT structure is critically compromised.

Want to learn more on cyber threats and Hub Security? Leave your details and we will get back to you shortly


CBDCs Are on the Rise, Are Banks Prepared?

As more investors and businesses turn to the tokenization of digital assets, there’s no stopping the inevitable rise of digital currencies worldwide.

State Street Turns to Tokenization in an Unguarded Digital Era

In a recent survey by the quantitative analysis firm Oxford Economics, 94 percent of State Street clients hold digital assets

Wyoming Takes the Lead in Blockchain Regulations, Will Others Follow?

Wyoming announced last month it may be the first state to make ‘blockchain banks’ a thing. If this sounds strange to you –– it’s because legally and conceptually it is. To date, hundreds of cryptocurrencies have roamed the blockchain network unchecked and unregulated.

When blockchain technology first emerged, many thought cryptocurrencies would change everything –– from how we make purchases to how we invest. But institutional investors need more than a cryptocurrency ledger to satisfy regulators that they can protect customers’ assets.

Now Wyoming is looking to change all that with the introduction of Bill H.R. 2144 (116) to the Wyoming State Legislature. Announced November 11th, the Bill outlines a path to legalization of SPDIs –– legally known as “special purpose depository institutions” –– which would serve business unable to secure FDIC-insured banking services due to their dealings with cryptocurrency.

Since February, a number of important bills were passed in Wyoming aimed at building the infrastructure for what will soon become the most crypto-friendly state in the US. In January, Wyoming’s Senate passed a bill allowing for cryptocurrencies to be recognized as money, and the same month passed another bill defining certain open blockchain tokens as intangible personal property. It’s even rumored that five new “blockchain banks” could bring as much as $20 billion in assets into Wyoming by 2020.

The rapid innovation of blockchain technology and the growing use of virtual currency and digital assets has resulted in many blockchain innovators being unable to access secure banking services. These kinds of bureaucratic legislative hiccups continue to stall the development of blockchain services and products in marketplaces the world over.

Now that’s all about to change, with Wyoming of all states leading the way to a more secure crypto future. With the newfound legal foundations for crypto-based products in place, young companies will now be left to face their next big challenge: protecting their customers’ digital assets from digital threats.

As long as innovators continue to use blockchain, legislators will need to keep pace with the rapid advancement of such technologies –– or lose out on the opportunity to provide the much-needed legal infrastructure for what is still known as the ‘wild west’ era of blockchain technology.

The Rise of Blockchain Banking

As the financial industry begins its long-awaited move to adaptive blockchain technology, many banks are becoming increasingly open to the use of crypto-based solutions for digitizing assets. It’s no secret the future of banking is digital for many financial institutions looking to modernize their product offerings. It even appears likely we’re headed toward an era of national digital currencies backed by central banks. Hats off to Mike Orcutt.

But HSBC’s decision to be the first financial institution to move $20 billion worth of assets to a blockchain platform is possibly enormously rewarding––– or risky. While the future of blockchain-based platforms such as HSBC’s Digital Vault looks promising, security experts voice growing concerns over the management of such large amounts of digital assets.

While the rise in usage of blockchain technology has made financial asset management more transparent and accessible, the crypto world has seen its fair share of threats over the past decade. From Binance to Bitpoint to Quadriga’s wild story, the industry’s shift in reliance on the blockchain has its own perils.

Blockchains are particularly attractive to hackers since once they gain access to the private keys it’s game over and fraudulent transactions are very difficult to reverse(if at all). While blockchains have unique security features, they also have their unique vulnerabilities. As banks expand their digital solution, they will continue to face continuous ongoing threats to their blockchain infrastructure. As long as vulnerabilities as these exist, banks must learn to embrace innovative solutions that can keep their most sensitive assets secure.

 

Today we know that marketing tactics which branded blockchain technology as unhackable were simply misleading ––– and wrong. In total, since the beginning of 2017, hackers have stolen nearly $2 billion worth of cryptocurrency, mostly from exchanges, and that’s just what’s revealed publicly. Contrary to popular belief, these attackers aren’t just lone opportunists either, they’re sophisticated cybercrime organizations. According to Chainalysis, just two of these groups, both of which are still active today, have stolen a combined $1 billion from exchanges.

Whether the future of banking relies on the blockchain or paper-tracking is still up for debate. But if history teaches us anything, it’s that we’re still not out of the woods when it comes to protecting our most sensitive piece of data. Even if we’re HSBC. 

 

To learn more and schedule a live demo with Hub Security, submit your details below.

 

Request a Demo





Scroll to top