Financial institutions worldwide suffered numerous cyberattacks in 2018. For instance, cybercriminals targeted seven of the largest European banks in April, including the Royal Bank of Scotland, Santander and Tesco Bank, in April, unleashing an immense distributed denial of service strike that crippled operations and cost the parties involved hundreds of thousands of dollars in mitigation expenses, according to the National Crime Agency, the law enforcement body that investigated the attack.
A similarly serious situation unfolded one month later, when another group of hackers infiltrated the servers at the Bank of Mexico and executed fraudulent transfers totaling 300 million pesos, or $15 million, Reuters reported.
Unfortunately, this nefarious activity will undoubtedly continue throughout 2019, as banks and other financial institutions have become primary targets for both internal and external threat actors intent on committing fraud by exploiting the machinations of modern, online money management. With this in mind, leaders in the space would be wise to familiarize themselves with some online banking cyberattack methodologies poised to evolve over the next nine months. Here are three of those essential threats:
The weaponization of biometrics
Banks everywhere are investing billions in biometric technology - and for good reason. This innovation allows account holders to seamlessly access their money via seemingly inimitable physical traits such as fingerprints and retinal patterns, negating the need for clunky and easy-to-crack multi-factor authentication workflows. More than half of consumers worldwide support the technology, which is the reason that financial institutions have identified biometrics adoption as a top strategic priority for 2019, per analysis from Clearbridge Mobile. However, while biometrics holds significant promise for banks and the customers they serve, it also comes with risk, as hackers have already begun exploring possible attack vectors designed to exploit the technology, according to Kaspersky Labs.
These proof-of-concept strikes are expected to center on sensor manipulation and spoofing, or specifically target users whose devices feature biometrics hardware in decline due to overuse, Experian found. Of course, simply breaking into biometrics data caches is another available option, one that the hackers who breached the Indian government's massive authentication program - which contains fingerprints and retinal scans from more than 1.2 billion people - used, Quartz reported.
The maturation of supply chain attacks
Few business operate in isolation. In today's connected marketplace, organizations must cultivate and maintain close relationships with external service and solution providers, including financial institutions. Most banks collaborate with multiple vendors - most notably, mobile payment companies that securely process account holder transactions. Sadly, these essential outside partners are often at the center of major data breaches. For example, hackers famously raided the servers at Target back in 2014 due negligence on the part of a heating, ventilation and air conditioning vendor, per the International Data Group. These cybercriminals managed to make off with personally identifiable information for approximately 110 million customers, all without having to face corporate-level digital defenses. Numerous nefarious actors have copied this strategy in the years since. However, 2018 was the breakout year for the so-called supply chain strike, as significant data security authorities, including the U.S. National Counterintelligence and Security Center, formally recognized this cyberattack type.
Supply chain strike deployment will continue in 2019, according to Kaspersky Lab. While smaller hardware and software providers are certainly implementing techniques and tools designed to bolster server security, most are not prepared to repel threats from serious cybercriminals. This poses an immense problem for financial institutions, especially those navigating the banking space in Europe, which has become more open following the implementation of the revised Payment Services Directive.
The expansion of skimming
Despite the emergence of mobile payment technology, card-based transactions still dominate the global banking arena, accounting for 67 percent of the worldwide payment mix, per research from Capgemini. Unfortunately, for as long as these pieces of plastic have existed, so has skimming. This relatively unsophisticated cyberattack methodology involves installing fraudulent hardware or software on legitimate physical payment terminals that reroutes account holder financial information to nefarious third parties. Skimming is an immensely effective approach, and hackers have leveraged it to steal consumer data from point-of-sale terminals everywhere from standalone petrol pumps to major corporations like British Airways, according to Experian.
Hackers are expected to push skimming technology forward in 2019, rolling out new more clandestine strategies designed to evade data security programs and personnel. For instance, some cybercriminals are targeting pin and chip-style POS hardware via paper-thin shims that contain microchips and onboard storage components capable of recording card information, Experian discovered. "Shimming" as data security authorities call it, represents the next phase in skimming and could affect countless customers throughout the year.
With these serious cybersecurity threats in play, financial institutions worldwide must take action to protect their mission-critical IT infrastructure and the account holders whose finances hinge depend on it. Here at buguroo, we develop and deploy an advanced fraud detection platform centered on behavioral biometrics. Our solution, called bugFraud Defense, records users' actions and compiles detailed behavioral profiles, which are compared against real-time system activity. Should irregularities arise, the solution notifies the appropriate parties who can then perform mitigation work. bugFraud Defense comes equipped with network and webpage review tools that can detect hackers attempting code injection or connection masking attacks.
Is your financial organization interested in adopting this technology to prevent data loss? Connect with buguroo today to learn more about the bugFraud Defense platform and how it can help your bank harness the power of behavioral biometrics.