Social Engineering Attacks
Don’t be that bank in the news
By Russ Horn, CISA, CISSP, Chief Operations Officer
CoNetrix Security and Compliance Consultant
This article was published in the November/December 2010 issue of the Western Independent Banker
On January 26, 2010, six employees of a regional community bank received an e-mail
purporting to be about a recent wire transfer. Three of the e-mail’s recipients
were suspicious of the message and reported it to their IT group. The bank’s IT
group verified the e-mail was a phishing attack and deleted it from the six employee
e-mail accounts; however, one of the employees had already forwarded it to the bank’s
wire person.
The e-mail included an attachment called "detailspdf.zip" containing a file called
"detailspdf.scr". This file is a Trojan: malware used to download further files
onto the attacked computer. The wire transfer employee tried to open the file (assuming
it was legitimate since it was forwarded to her by a bank officer). Apparently, the Trojan
then downloaded the additional programs the attacker needed to steal the username and password
used to log in to the bank's wire transfer website. With the login information, the attacker
attempted to transfer funds to accounts overseas. In this case, at least part of
the attack was prevented by a requirement that different individuals initiate
and approve all wire transfers. The attack appears to have originated from England.
This story is enough to keep many of us up at night, but simply do an Internet search
for "bank security breach" or "bank social engineering attack" and you can read
many more – and for every one you read on the news, you can bet there are many more
attacks or attempted attacks that go unreported. So, what can we do to protect ourselves
from these types of attacks? The answer is a layered security approach. Let’s take
a look at controls that could have helped block the spear-phishing attack mentioned
above.
SPAM Filtering
SPAM filtering, or e-mail filtering, is the process of detecting unsolicited and
unwanted e-mails and preventing those messages from getting to a user’s inbox. While
not foolproof, effective filtering can remove many malicious e-mails before they
ever reach your employees. In this case, the bank did have a SPAM filtering solution,
but it was not filtering out zip files, so the e-mail made it through the first
layer of protection.
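As an added example (not from the article or from CoNetrix), a small Python attachment filter that looks inside zip attachments and rejects executable file types such as the .scr hidden in detailspdf.zip; the message it scans is constructed inline, and the extension block list is an assumption.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Types that must never arrive by e-mail, bare or inside an archive (assumed list).
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
ARCHIVE_EXTENSIONS = {".zip"}

def _ext(name: str) -> str:
    return os.path.splitext(name.lower())[1]

def risky_members(zip_bytes: bytes) -> list[str]:
    """Names inside a zip whose extension is on the block list."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if _ext(n) in BLOCKED_EXTENSIONS]
    except zipfile.BadZipFile:
        # An archive the filter cannot open cannot be cleared either.
        return ["<unreadable archive>"]

def scan_message(raw: bytes) -> list[str]:
    """Return findings for a raw RFC 822 message; an empty list means deliverable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in BLOCKED_EXTENSIONS:
            findings.append(f"blocked attachment {name}")
        elif ext in ARCHIVE_EXTENSIONS:
            payload = part.get_payload(decode=True) or b""
            for member in risky_members(payload):
                findings.append(f"blocked file {member} inside {name}")
    return findings

def build_sample_message(member_name: str = "detailspdf.scr") -> bytes:
    """Constructed test mail: a zip holding one file, like the one in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Wire transfer details"
    msg.set_content("Please see the attached wire transfer details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="detailspdf.zip")
    return msg.as_bytes()
```

A real gateway would also inspect nested archives and password-protected zips, which this filter reports only as unreadable.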
Security Awareness Training
Community banks spend hundreds of thousands of dollars on security technology, but
oftentimes the most valuable security control is still neglected: your employees.
A well-trained eye and conscious mind can help us avoid most potential attacks.
In the social engineering attack highlighted earlier, several employees did recognize
the e-mail as an attack; however, their response stopped short when they only had
IT remove the e-mail from the employees' inboxes. They should have notified all employees
(or at least those that received the e-mail) about the attack and used it as an
opportunity to educate. In doing so, they may have headed off or discovered the
attack much sooner.
Antivirus Software and Patch Management
Antivirus software and patch management are the fundamentals of a secure defense
system. They are common terms and we all know they are required, but somehow they
still seem to get neglected. A later test revealed the antivirus software the bank
was using should have detected and blocked the malicious software, so why did it
get through? It appears the bank did not have the antivirus client configured correctly
on the wire transfer system to scan files as they were accessed. This is commonly
referred to as "real-time scanning."
Remove Local Administrator Privileges
By providing users with Local Administrator access, you are granting the users the
ability to install software on bank systems and are, therefore, increasing the risk
of successful spyware, malware, or other malicious attacks. In many cases, there
is no business reason for giving users this level of access. In the case above,
if the user had not had Local Administrator privilege, the attack would have been
stopped.
Multi-Factor Authentication for High Risk Systems
It is no longer acceptable or wise for users to rely on passwords alone when accessing
high risk (web-based) systems. Best practices now require at least two of the three
authentication factor types: "something you know" (password), "something you have" (token), and
"something you are" (fingerprint). In the case above, if the bank had used true
two-factor authentication, the attack could not have been so easily conducted from
overseas.
Intrusion Detection System / Egress Filtering
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are often
used to help identify and protect against attacks. Traditionally, IDS monitored
traffic from the outside in. Egress filtering is the practice of monitoring and/or
restricting the flow of traffic from the inside out. Some IDS/IPS systems today
include egress filtering. Both of these technologies can help detect and reduce
cyber-attacks.