Cyber Attacks From The Point Of View Of Financial Enterprise
As we have repeatedly mentioned here in Hackercombat.com, hackers today are no longer interested in digital vandalism against systems and websites. Showing how good you are in cracking and hacking may give you a boost of ego, but the buck stops there, you may still end up behind bars when caught. Might as well earn huge amount of money doing a cybercrime, right? Yes, that is the main motivation of cybercriminals today, earn money. From the script kiddie category up to the high-level hackers who cause online bank heist, it is very clear that black hat hacking evolved from mere “I know it can be done” to “I will earn profit with this” kind of campaign.
It really shows, just look at how many cybersecurity news we publish here at Hackercombat.com. Cybercriminals have developed a deep arsenal of tools in order to dupe people and organizations of their hard-earned money. From identity theft, social engineering, phishing, banking trojans, ransomware and the most covert of all campaigns, cryptocurrency mining malware. The list goes on, and being an organization whose primary purpose is to grow its money as much as possible, the financial sector is in the crosshairs of cybercriminal organizations.
Having money to grow, while also carefully spending money for a mundane cybersecurity defense posture is a risky endeavor that many financial institutions, both public and private are engaging every day. As we enter the age where state-sponsored hacking organizations are organizing themselves to get ready for the next cyberattack, institutions that store a lot of personally identifiable information and financially liquid are the prime targets. We have featured more than a dozen cyber attack articles since 2017, about banks, lending firms and even public sector agencies that have something to do with taxation becoming a victim of certain attacks such as DDoS, ransomware and banking trojans.
“This is a useful way to think about cyber threats, because it is easy to map attacker motivations across to specific businesses, and subsequently understand to what extent they apply. Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk and implement appropriate mitigations,” explained George Michael, F-Secure’s Senior Research Analyst when asked to describe cyber threats against private organizations.
Mitigations are software patches designed to plug the security bugs that were discovered in hardware. However, it is not always a happy ending when it comes to installation of mitigations. We can review the case of Meltdown & Spectre of 2018 and the MDS exploit of 2019, revealing to the public that mitigation patches lower the performance of hardware. It is like being between a rock and a hard place, choose security and you will pay with the lower performance of the system, more particularly the CPU’s execution of code. Choose speed, and your system is exposed to security exploits and various cyber attack risks. Such choice is something system administrators wish not to decide on, as both security and hardware performance are important for any organizations. As mentioned earlier, not all hackers are operating for themselves, they are funded by nation-states. Such organizations have deep packets for establishing an effective research and development campaigns to develop much worst system exploits we have yet to witness.
“North Korea has been publicly implicated in financially motivated attacks in over 30 countries in the past three years, and their tactics are also being used by cyber criminals, particularly against banks. This is symbolic of a wider trend that we’ve seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals. If you don’t understand the threats to your business, you don’t stand a chance at defending yourself properly. Blindly throwing money at the problem doesn’t solve it either,” concluded Michael.
Julia Sowells946 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.