Are Indian Banks Ready for the Next Wave of Financial Cyber Attacks?

Rakesh Kharwal, Managing Director - India, South Asia & ASEAN, Cyberbit. Holding an Engineering degree from Sir M Visvesvaraya Institute of Technology, Bangalore, Rakesh has a career of more than 25 years with proven excellence in Operations, Consulting, Marketing & Sales, and IT Infrastructure Security & Management.

Financial cybersecurity is more or less like the ‘physical’ security mechanism at a bank. As security personnel, you have to ensure that there isn’t any loophole that can be leveraged to rob the bank. So, you have to safeguard the gates (both entrance and exit), the infrastructure (to avoid events like tunnelling, wall cutting, and others), and even protect the bank from insider threats (such as swindling, embezzlement, and others). Obviously, this security shouldn’t hamper the day-to-day functioning of the bank.

However secure a bank is, there is always a chance that it can still be robbed, even with an effective security mechanism in place. What makes the difference is how ‘effective’ that security mechanism actually is.

Now, cybersecurity professionals have to deal with roughly the same situation, except that a great deal of dynamism is added to the challenge. Digital infrastructure is far more intricate than its physical equivalent. So, if a less complicated physical banking system can be robbed, the associated risks are directly greater in the digital domain. This is the prime reason behind the mounting cyberattacks on financial institutions, with even sophisticated banking infrastructure such as SWIFT being affected every now and then.

So, as India, and with it its financial sector, continues to embrace digital technologies, is it prepared for the next wave of cyberattacks? Let us take a quick look.

Am I Really Secure? A Question that Every Financial Institution Must Ask Itself
Of late, there have been many cyberattacks targeted at both FIs and their third-party vendors. At times we see the repetition of already known TTPs (Tactics, Techniques, and Procedures), while at other times such TTPs are slightly altered to achieve the desired outcome. One way or the other, TTPs and attack vectors tend to become more effective and sophisticated with every passing day. Terabit-scale DDoS attacks and novel APTs (Advanced Persistent Threats) are good examples.
The WannaCry ransomware attack, for instance, spread its malware to more than 200,000 computers across 150 countries in a matter of days. All of these systems were compromised because a security patch released by Microsoft around a month before the global ransomware outbreak had not been installed. Security lapses as small as this can have dramatic and far-reaching effects on a business organization, especially if it is an FI.

Recent years have witnessed several cyberattacks on FIs themselves, exploiting both IT infrastructure vulnerabilities and human errors and omissions. For instance, SWIFT (Society for Worldwide Interbank Financial Telecommunication) has faced several social-engineering-driven attacks recently. For the uninitiated, SWIFT is a secure network provider used by global FIs to exchange financial transaction messages. Cyber attackers, using social engineering, obtain legitimate SWIFT credentials of a bank and relay multiple fund transfer requests through the victim bank. If these transactions are not intercepted in time and are honoured by the receiving bank, they result in multi-million-dollar losses for the victim bank.

Starting with the Bangladesh Bank heist of 2016, this method has been used several times to siphon money from FIs in Ukraine, Ecuador, Vietnam, Russia, and India, among other countries. Given the sophistication of the SWIFT system, it might seem that such attacks would be quite difficult to mitigate. They are not. They can be countered using modern Endpoint Detection and Response (EDR) solutions, since, as the Bangladesh Bank heist showed, the attackers succeeded by subverting the systems at the bank’s SWIFT endpoints.
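The interception the text refers to is a control on the victim bank’s own side: every outbound payment instruction is screened before release, so a burst of transfers submitted under one operator credential to unfamiliar beneficiaries is held for review rather than honoured. The following screening routine is an added example written for this article; it is not Cyberbit code, not any bank’s actual control, and not a SWIFT interface. The message fields, the thresholds, the two-signal rule and the sample instructions are all constructed assumptions.

```python
"""Screening outbound payment instructions for the abuse pattern described above.

Added illustration, not Cyberbit code or any bank's real control. The message
format, thresholds, decision rule and sample data are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class PaymentInstruction:
    msg_id: str
    operator: str          # credential under which the instruction was submitted
    beneficiary: str       # destination account (constructed identifiers)
    amount_usd: float
    submitted: datetime


@dataclass
class ScreeningPolicy:
    # Illustrative thresholds, not industry or regulatory values.
    high_value_usd: float = 1_000_000.0
    burst_window: timedelta = timedelta(minutes=30)
    burst_count: int = 3
    business_hours: tuple = (9, 18)   # local hours in which operators normally work


def screen_instructions(instructions, known_beneficiaries, policy=ScreeningPolicy()):
    """Return {msg_id: [reasons]} for instructions that should be held for review.

    Four weak signals are evaluated per instruction:
      new-beneficiary  account never paid before by this institution
      high-value       amount at or above the high-value threshold
      burst            the same operator credential submitted >= burst_count
                       instructions inside burst_window (stolen credentials
                       tend to be used to relay many requests quickly)
      off-hours        submitted outside normal business hours
    An instruction is held when two or more signals fire together.
    """
    flagged = {}
    by_operator = defaultdict(list)
    for ins in sorted(instructions, key=lambda i: i.submitted):
        by_operator[ins.operator].append(ins)

    for batch in by_operator.values():            # batch is time-ordered per operator
        for idx, ins in enumerate(batch):
            reasons = []
            if ins.beneficiary not in known_beneficiaries:
                reasons.append("new-beneficiary")
            if ins.amount_usd >= policy.high_value_usd:
                reasons.append("high-value")
            window_start = ins.submitted - policy.burst_window
            recent = [b for b in batch[: idx + 1] if b.submitted >= window_start]
            if len(recent) >= policy.burst_count:
                reasons.append("burst")
            start, end = policy.business_hours
            if not start <= ins.submitted.hour < end:
                reasons.append("off-hours")
            if len(reasons) >= 2:
                flagged[ins.msg_id] = reasons
    return flagged


def sample_run():
    """Constructed sample: one routine daytime payment, then a night-time burst
    under a single operator credential, mostly to previously unseen beneficiaries."""
    known = {"ACCT-CORRESPONDENT-01", "ACCT-SUPPLIER-07"}
    t0 = datetime(2024, 3, 1, 2, 10)   # 02:10 local, outside business hours
    msgs = [
        PaymentInstruction("M1", "op.alice", "ACCT-SUPPLIER-07", 45_000, datetime(2024, 3, 1, 11, 0)),
        PaymentInstruction("M2", "op.bob", "ACCT-UNSEEN-A", 1_200_000, t0),
        PaymentInstruction("M3", "op.bob", "ACCT-UNSEEN-B", 980_000, t0 + timedelta(minutes=4)),
        PaymentInstruction("M4", "op.bob", "ACCT-UNSEEN-C", 2_500_000, t0 + timedelta(minutes=9)),
        PaymentInstruction("M5", "op.bob", "ACCT-CORRESPONDENT-01", 20_000, t0 + timedelta(minutes=15)),
    ]
    return screen_instructions(msgs, known)


if __name__ == "__main__":
    for msg_id, reasons in sample_run().items():
        print(msg_id, "held:", ", ".join(reasons))
```

In the sample, M1 passes untouched, while M2 to M5 are held; note that M5, a small payment to a known correspondent, is still caught because it arrives as part of the same off-hours burst. Requiring two signals keeps a single late-night payment or a single new supplier from generating a review on its own.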

The reason such attacks are effective is that they are carried out after carefully examining a target, identifying its weak spots (such as human errors and omissions, network vulnerabilities, and others), and using evasive techniques to bypass the deployed cybersecurity framework. EDR solutions, however, are deployed not only on the network nodes but also on the connected devices, and record all activity driven via the network. This activity is analysed both microscopically and macroscopically, in the short term as well as over the long haul. This makes it easier to detect anomalous behaviour, compare it with known TTPs, and intercept an incoming or ongoing attack in time.
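The two views the paragraph describes can be made concrete with a small baselining routine: a per-host (microscopic) and fleet-wide (macroscopic) baseline is built from a month of process telemetry, and the last day’s events are checked first against a list of known suspicious parent/child patterns and then against that baseline. This is an added example written for this article, not Cyberbit’s EDR logic or any product’s detection engine; the event schema, the pattern list, the thresholds and the telemetry are constructed.

```python
"""EDR-style behavioural baselining over process-launch telemetry.

Added illustration of the article's two views (per-host "microscopic",
fleet-wide "macroscopic"; recent events against a long-haul baseline).
Not Cyberbit code; event format, thresholds, pattern list and telemetry are
constructed assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime
    host: str
    parent: str    # image name of the launching process
    child: str     # image name of the launched process


# Constructed stand-in for a library of known TTP patterns: parent/child pairs
# an analyst treats as suspicious regardless of what the baseline says.
KNOWN_TTP_PATTERNS = {
    ("winword.exe", "powershell.exe"): "document-app-launches-script-host",
    ("outlook.exe", "cmd.exe"): "mail-client-launches-shell",
}


def build_baseline(events, now, history=timedelta(days=30), recent=timedelta(days=1)):
    """Long-haul view built from history, excluding the recent window under review.

    Returns (host_counts, fleet_hosts):
      host_counts[(host, parent, child)] -> times the pair was seen on that host
      fleet_hosts[(parent, child)]       -> set of hosts on which the pair was seen
    """
    host_counts = Counter()
    fleet_hosts = defaultdict(set)
    for e in events:
        if now - history <= e.ts < now - recent:
            host_counts[(e.host, e.parent, e.child)] += 1
            fleet_hosts[(e.parent, e.child)].add(e.host)
    return host_counts, fleet_hosts


def detect(events, now, recent=timedelta(days=1), min_host_seen=3, min_fleet_hosts=3):
    """Score each recent event: known pattern first, then host and fleet baselines."""
    host_counts, fleet_hosts = build_baseline(events, now, recent=recent)
    findings = []
    for e in events:
        if e.ts < now - recent:
            continue
        seen_here = host_counts[(e.host, e.parent, e.child)]
        seen_fleet = len(fleet_hosts[(e.parent, e.child)])
        ttp = KNOWN_TTP_PATTERNS.get((e.parent, e.child))
        if ttp:
            severity, reason = "high", f"matches known pattern: {ttp}"
        elif seen_here < min_host_seen and seen_fleet < min_fleet_hosts:
            severity, reason = "medium", "pair absent from both host and fleet baselines"
        elif seen_here < min_host_seen:
            # New on this host but routine elsewhere: typically a rollout, so low priority.
            severity, reason = "low", f"new on {e.host} but routine on {seen_fleet} other hosts"
        else:
            continue   # routine behaviour, nothing to raise
        findings.append({"host": e.host, "parent": e.parent, "child": e.child,
                         "severity": severity, "reason": reason})
    return findings


def constructed_telemetry(now):
    """Constructed sample (not real data): 28 days of routine launches on five
    hosts, followed by four events in the last three hours."""
    hosts = ["h1", "h2", "h3", "h4", "h5"]
    events = []
    for day in range(2, 30):                       # days 2..29 ago form the history
        ts = now - timedelta(days=day)
        for h in hosts:
            events.append(ProcessEvent(ts, h, "explorer.exe", "chrome.exe"))
        for h in ("h1", "h2", "h4"):
            events.append(ProcessEvent(ts, h, "updater.exe", "installer.exe"))
    recent = now - timedelta(hours=3)
    events += [
        ProcessEvent(recent, "h2", "explorer.exe", "chrome.exe"),        # routine everywhere
        ProcessEvent(recent, "h3", "updater.exe", "installer.exe"),      # new on h3, common in fleet
        ProcessEvent(recent, "h3", "winword.exe", "powershell.exe"),     # known pattern
        ProcessEvent(recent, "h5", "explorer.exe", "unknown_tool.exe"),  # unseen anywhere
    ]
    return events


def sample_run():
    now = datetime(2024, 3, 1, 12, 0)
    return detect(constructed_telemetry(now), now)


if __name__ == "__main__":
    for f in sample_run():
        print(f["severity"].upper(), f["host"], f"{f['parent']} -> {f['child']}:", f["reason"])
```

The fleet view is what keeps the host view from drowning analysts: a pair that is new on one machine but routine on three others is reported at low priority instead of being treated like a true first sighting, while a pair nobody in the fleet has ever run is raised on its own merits even when it matches no known pattern.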

Another challenge that a SOC (Security Operations Centre), or the in-house cybersecurity team of an organization, faces is that it receives innumerable incidents on a daily basis. The majority of these incidents are repetitive in nature and needlessly keep a cybersecurity resource occupied. This challenge is eliminated through advanced solutions such as Security Orchestration, Automation, and Response (SOAR, a solution stack of compatible software for automating low-level security incidents). Today, given the dynamism within the cybersecurity domain, it has also become necessary to update the skillset of the SOC team and improve both its coordination and its performance during an ongoing incident. This is being done through simulation of various real-life incidents, including ultramodern cyberattacks, via the Cyber Range solution. The approach ensures that everyone in the SOC is on the same page and can intercept and remediate any attack effectively.
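The low-level automation the paragraph attributes to SOAR is, at its core, alert-to-case consolidation: repeated alerts with the same fingerprint are folded into one case within a time window, known-noisy rules are closed automatically with a ticket trail, and a case whose repeat count climbs past a threshold is escalated rather than ignored. The routine below is an added example written for this article, not a SOAR product’s playbook or Cyberbit code; the alert schema, the fingerprint rule, the window, the auto-close list and the sample alerts are constructed.

```python
"""SOAR-style triage: consolidate repetitive alerts into cases.

Added illustration, not a vendor playbook or Cyberbit code. Alert schema,
fingerprint rule, suppression window, auto-close list and sample alerts are
constructed assumptions.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    rule: str      # detection rule that fired
    asset: str     # host or account the alert concerns
    detail: str    # free-text specifics, not part of the dedup key


@dataclass
class Case:
    fingerprint: str
    rule: str
    asset: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    status: str = "open"          # open | auto-closed | escalated
    samples: list = field(default_factory=list)   # a few representative details


# Constructed: rules whose alerts are operational noise handled by a standing ticket.
AUTO_CLOSE_RULES = {"av-signature-update-failed"}


def fingerprint(alert):
    """Dedup key: same rule on the same asset is the same case; time and detail vary."""
    return hashlib.sha256(f"{alert.rule}|{alert.asset}".encode()).hexdigest()[:16]


def triage(alerts, window=timedelta(hours=1), escalate_at=5):
    """Fold alerts into cases. A case stays active while repeats arrive within
    `window` of its last alert; after that a fresh case is opened so the
    history is not blurred. Repeats beyond `escalate_at` escalate an open case,
    because a sudden spike in a "routine" alert is itself a signal."""
    cases = []      # every case ever opened, in creation order
    active = {}     # fingerprint -> most recent case for that key
    for a in sorted(alerts, key=lambda x: x.ts):
        fp = fingerprint(a)
        case = active.get(fp)
        if case and a.ts - case.last_seen <= window:
            case.count += 1
            case.last_seen = a.ts
            if len(case.samples) < 3:
                case.samples.append(a.detail)
            if case.status == "open" and case.count >= escalate_at:
                case.status = "escalated"
            continue
        case = Case(fp, a.rule, a.asset, a.ts, a.ts, samples=[a.detail])
        if a.rule in AUTO_CLOSE_RULES:
            case.status = "auto-closed"
        cases.append(case)
        active[fp] = case
    return cases


def sample_run():
    """Constructed alert stream: a burst of failed logins, three AV-update
    failures, one genuinely novel alert, and a late failed login after the window."""
    t0 = datetime(2024, 3, 1, 9, 0)
    alerts = [Alert(t0 + timedelta(minutes=i), "failed-login", "srv-hr-01", f"user=u{i}")
              for i in range(8)]
    alerts += [Alert(t0 + timedelta(minutes=5 + i), "av-signature-update-failed", "ws-0042",
                     "mirror timeout") for i in range(3)]
    alerts.append(Alert(t0 + timedelta(minutes=20), "new-admin-account", "dc-01", "account=svc_backup2"))
    alerts.append(Alert(t0 + timedelta(hours=3), "failed-login", "srv-hr-01", "user=u99"))
    return triage(alerts)


if __name__ == "__main__":
    for c in sample_run():
        print(f"{c.status:<12} x{c.count:<3} {c.rule} on {c.asset} (first {c.first_seen:%H:%M})")
```

Thirteen alerts become four cases, and only two of them need an analyst: the escalated login burst and the new admin account. The three AV-update failures are counted but closed automatically, and the lone failed login three hours later opens its own case instead of inflating the earlier one.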

Riding on digital technologies, the world today is changing with unprecedented speed. As important as it is to adopt the latest technology, it is equally imperative to take relevant countermeasures against the vulnerabilities that it might introduce into your network. Just remember that digital security is more complex than physical security. If physical security can have lapses, digital security has all the more chance of the same. Digital or otherwise, prevention is always better than cure, especially when you are operating in the high-risk financial domain.