Banks targeted by APT threats - IT infrastructure protection

Protecting IT infrastructure against cybercriminals is one of the most important challenges facing IT managers in the banking sector. Despite banks' ongoing efforts to protect their clients and their resources, attacks on these institutions are becoming more and more common. According to Barracuda Networks, a producer of IT security solutions, APT (Advanced Persistent Threat) attacks are increasingly used against financial institutions, allowing for a slow but very effective attack.

APT attacks are targeted attacks, i.e. they are aimed at a specific institution. Their purpose is to damage or steal confidential data. What is particularly important about these attacks is that they are difficult to identify and may remain unnoticed for years. APT threats are undetectable by standard security systems, so attacks using them can be directed at the very heart of financial institutions. Despite the safeguards in place, banks become aware of the attack when it is too late to take any action.

Recently, more than one hundred banks have been victims of the Carbanak APT. This threat was created to spy on the infrastructure of the bank and its employees, causing total losses estimated at between 300 million and 1 billion dollars. Carbanak hit ATM networks and SWIFT (a global provider of secure financial information exchange services). According to Barracuda Networks experts, the threat penetrated the bank network via infected e-mails sent to victims (phishing). The e-mails usually contained a fake Word document that exploited a vulnerability on the local workstation to spread to other computers on the network. The attacks were very well organized: the cybercriminals constantly watched their targets, in this case the banks, and understood perfectly how they operate. Those responsible for this attack even went so far as to monitor the behavior of some employees in order to better understand how these institutions function.

Detecting APT attacks by standard means is impossible, which is why Wojciech Kraśniewski, a certified engineer at Barracuda Networks, recommends:

  • deploying multi-level protection based on IPS / IDS systems;
  • installing an antivirus program on endpoints and an antivirus with a sandboxing function at the gateway;
  • dividing the network into segments containing client computers, systems containing confidential data, and servers with general content, and verifying the traffic sent between these networks;
  • keeping end systems updated;
  • using two-factor authentication;
  • continuously increasing users' awareness.

Compliance with these recommendations will not eliminate susceptibility to such attacks, but will minimize it.

