Stopping ransomware attacks before they can take place

Gaetano Ziri, Software Engineer at Auriga, discusses how financial institutions are up to 300 times more likely to suffer a cyberattack, and advises on how to prevent this.

Remote working has increased the number of distributed endpoints, from laptops to smartphones to Internet of Things (IoT) devices, which pose a constant security risk to both individuals and financial institutions – these act as ideal “entry points” for cybercriminals. Cybercriminals send phishing emails or malicious attachments to bank employees, targeting any device that can be manipulated to gain access to the entire network. Endpoints are the first point of a cyber-attack and create an attack surface for further malicious activities. Financial institutions must therefore be aware of these potential cyber risks and implement preventative measures against them, as they are prime targets for a litany of attacks, including ransomware, due to the vast quantities of confidential data they hold relating to their customers and employees. In effect, ransomware blocks access to infected endpoint resources unless the ransom is paid.

In fact, the offensive against the financial sector has intensified in the last year because of the pandemic. Palo Alto Networks’ research arm, Unit 42, revealed that cybercriminals across the USA, Canada, and Europe are making and demanding more money than ever. There has been a 171% year-over-year increase in the average ransom paid by organizations, from US$115,123 in 2019 to $312,493 in 2020, with the highest ransom paid by an organization doubling from $5mn (2019) to $10mn (2020). Between 2015 and 2019, the highest ransomware demand was $15mn, but this figure jumped to $30 million last year. Both the European Central Bank and the International Monetary Fund (IMF) have noted this increase in cyber-attacks aimed at financial institutions. Even if there have been no serious security breaches, the institutions' losses already amount to several million euros in the last year alone.

Standalone solutions aren’t enough

To avert such attacks, financial institutions must act now and enhance their operational resilience. Ransomware has evolved into a ‘service offering’ known as Ransomware-as-a-Service (RaaS) that enables cybercriminals who are unfamiliar with malware development to outsource this skill and deploy an attack with relative ease. Essentially, it is a subscription-based model that enables affiliates to use already-developed tools to carry out attacks. Unfortunately, too many financial institutions still rely on standalone solutions instead of consolidating several. A variety of protection mechanisms on a single platform is now essential, including:

  • Application whitelisting: this layer prevents the execution of malware or unauthorized software by defining a whitelist of processes that can be executed on the ATM.
  • Full encryption of all hard disks and media: without this protection mechanism, cybercriminals can steal hardware or reconstruct products through reverse engineering, which allows them to inject malware onto the hard disk and then replace it at another bank branch.
  • File system integrity protection: this blocks any attempt, by anyone, to modify a critical file unless the change is part of a predefined software update process.
  • Hardware protection: it prevents the connection of fraudulent hardware and blocks devices that are not included in the whitelist.
  • Firewall and use of best practices to prevent network attacks.
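The sketch below illustrates the idea behind two of the mechanisms above, application whitelisting and file system integrity protection. It is an added example, not code from the article or from any vendor product; the file names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict[str, str]:
    """Record the digest of every file under root (taken from a known-good image)."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def may_execute(binary: Path, allowed_digests: set[str]) -> bool:
    """Allowlist decision on content, not path: a replaced binary is denied."""
    return sha256_file(binary) in allowed_digests

def integrity_report(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current tree with the baseline and list every deviation."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "unexpected": sorted(k for k in current if k not in baseline),
    }

def demo() -> tuple[bool, bool, dict[str, list[str]]]:
    # Constructed sample tree standing in for an ATM software image.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "atm_app.bin").write_bytes(b"vendor build 1.0")
        (root / "config.ini").write_text("host=switch.example\n")
        baseline = build_baseline(root)
        allowed = {baseline["atm_app.bin"]}
        before = may_execute(root / "atm_app.bin", allowed)
        # Simulated tampering: same path, different content, plus an extra file.
        (root / "atm_app.bin").write_bytes(b"tampered build")
        (root / "dropper.exe").write_bytes(b"not on the list")
        after = may_execute(root / "atm_app.bin", allowed)
        return before, after, integrity_report(root, baseline)

if __name__ == "__main__":
    print(demo())
```

A legitimate software update would replace the baseline through the predefined update process; any other change shows up in the report.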

Building a wall of protection

Network segmentation is a good defense strategy to prevent network-based attacks on ATMs. It divides the corporate network into different areas that are only partially networked or not networked at all. It is mission-critical to ensure that only legitimate traffic is allowed through to critical resources. In this case, the ATM network should be separated from the rest of the corporate IT network, reducing the risk to this part of the environment. While network segmentation is not a new concept, it is rising in popularity and gaining traction among banks. The trend is to segment internal networks to prevent extraneous traffic.
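One way to check that a segmentation policy like the one described above holds in practice is to test observed flows against a default-deny list of permitted cross-segment traffic. This is an added example, not from the article; the address ranges, ports, and flow records are constructed assumptions.

```python
import ipaddress

# Constructed segment layout (assumption, not from the article).
SEGMENTS = {
    "atm": ipaddress.ip_network("10.20.0.0/24"),
    "atm_backend": ipaddress.ip_network("10.30.0.0/28"),
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
}
# Default deny: only these (source segment, destination segment, port)
# combinations may cross a segment boundary. Ports are illustrative.
ALLOWED = {
    ("atm", "atm_backend", 8443),   # transaction traffic to the backend
    ("atm_backend", "atm", 9443),   # monitoring and software distribution
}

def segment_of(ip: str) -> str:
    """Map an address to its segment; anything unknown counts as external."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def violations(flows):
    """Return flows that cross a segment boundary without an allow rule."""
    out = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        # Traffic inside one segment is out of scope for segmentation
        # and needs host-level controls instead.
        if s != d and (s, d, port) not in ALLOWED:
            out.append((src, dst, port, f"{s}->{d}"))
    return out

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.30.0.4", 8443),    # ATM to backend: allowed
    ("10.10.4.77", "10.20.0.15", 3389),   # office workstation to ATM
    ("10.20.0.15", "10.20.0.16", 445),    # ATM to ATM, same segment
    ("10.20.0.15", "198.51.100.9", 443),  # ATM to the internet
]

if __name__ == "__main__":
    for v in violations(SAMPLE_FLOWS):
        print("policy violation:", v)
```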

Other effective solutions include artificial intelligence and machine learning, which are playing an increasing role in cybersecurity to detect attacks at an early stage. Various security tools analyze data from millions of cyber incidents and use it to determine potential threats. With network traffic analysis, an employee account behaving strangely (from clicking on a potential phishing email or a new variant of malware) can be more easily identified. Emerging issues are immediately detected and blocked by AI and ML, stopping the cyber-attack in its tracks before it can negatively impact business operations.

Machine learning tools are valuable for fraud prevention, and most experts would agree that they have become essential for mitigating cybercrime. On a high level, detecting fraud is about learning the difference between normal spending behaviors and unusual, fraudulent purchases. With machine learning, the technology can analyze all available data and educate itself on the difference between an honest transaction and a fraudulent one.

Financial institutions can also consider whitelisting to allow controlled access to system resources. For example, if a customer provides personal information during a video call or remote consultation, the USB ports of the operator’s workstation should be locked to prevent the video file from being stored on an external device. 

Organizations must find new ways to use their existing resources more effectively. This can be done in several ways:

  1. Automating more processes to identify and respond to issues in real time before they impact business operations.
  2. Equalizing workloads based on broader threat analysis, with a particular focus on, for example, data leaks or introduced malware.
  3. Breaking down silos by introducing advanced self-service platforms. 
  4. Consolidating activities, for example through an effective cybersecurity strategy with proactive device monitoring to maintain service availability.


To increase the cybersecurity of ATMs, a bank's assisted self-service terminals, and endpoints, one should not rely solely on standard anti-virus and anti-malware programs, but also look towards advanced technology. Financial institutions should invest in comprehensive, channel-integrating end-to-end solutions. This way, the ATM no longer counts as a separate silo but as part of an omnichannel. This ensures all centralized ATM security operations are on a single platform, with minimal impact on device performance. When financial institutions address the threat situation and adapt their processes, they make a valuable contribution that ultimately protects not only the financial institution but also customers from harm. Cybersecurity is a long-term investment, and organizations must continue to teach customers and employees how to identify potential threats through training, education, and awareness programs.

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech