Skip to main content

Big US Banks Under Active Attack, Napolitano Warns

Big US Banks Under Active Attack, Napolitano Warns



The shutdown of New York's financial sector caused by Hurricane Sandy is a stark reminder of how much tumult a human-generated disruption also could cause, said Avivah Litan, security analyst at Gartner. "The fact that the stock market had to close for two days because of a hurricane should be a wake-up call that we are largely unprepared for a major cyberwar."


Considering Live Chat For Your Company?
Which live chat solution is right for you? Find out now with the new Live Chat Comparison 2012 Report. Download the free report.

Hackers are actively attacking some of the largest banks in the nation, U.S. Homeland Security Secretary Janet Napolitano warned this week.

Napolitano declined to go into detail about the types of breaches or what kind of information -- if any -- had been taken. She brought up her concern about attacks on U.S. financial institutions at a cybersecurity event.

The federal government is aware of the vulnerability of U.S. stock exchanges and other financial institutions, as well as infrastructure and utilities. Napolitano stressed the importance of enacting federal guidelines to protect against cyberwar.

Banks including Wells Fargo, Bank of America and JP Morgan Chase were hit this fall with distributed denial of service attacks. Hackers were also able to empty US$400,000 from a Citibank account in Burlington, Wash., earlier this year. Cybercriminals are increasingly using targeted attacks to go after unassuming consumers and employees, said Michael Murray, managing partner of MAD Security.

"The majority of the attacks right now involve targeted phishing and malware attacks -- where the most common attack vector a few years ago was Web applications, the most common attack vector today comes through our people," Murray told TechNewsWorld. "Spear phishing through email, social media and even IM has been used to cause a large number of breaches in the last two years."

Stepping Up Preparation

The shutdown of New York's financial sector caused by Hurricane Sandy is a stark reminder of how much tumult a human-generated disruption also could cause, said Avivah Litan, security analyst at Gartner.

"The fact that the stock market had to close for two days because of a hurricane should be a wake-up call that we are largely unprepared for a major cyberwar," Litan told TechNewsWorld. "There should be more effective business continuity plans. These are noticeably absent."

Relatively speaking, though, Web applications and security systems at financial institutions do have greater protection in place than those in other industries -- mostly because they need it the most, said Murray.

"In my experience, banks are actually some of the best-defended organizations -- due to the regulations we've put on financial institutions, they've invested more heavily in information security controls than most other segments of the economy," he observed. "Unfortunately, banks are also the most heavily targeted segment of the economy because, as the old bank robber Willie Sutton said, they're where the money is."

President Obama has made cybersecurity a priority, Napolitano noted in her address. She stressed the importance of maintaining that type of attitude in Congress going forward.

With so many laws already in place, though, the more important priority needs to be enforcing them, said Litan.

"There is probably enough regulation already, but regulators need to be smarter in how they examine banks' preparedness for these massive hacker attacks," she said. "I don't see proactive leadership from the government -- but I don't think we need new laws to get that from them. We just need them to execute on the powers they already have."
Focus on User

Part of the emphasis on enforcement must be raising consumer awareness about cyberattacks beyond the current level of public knowledge, stressed Murray, but the best protection lies within the financial institution.

"The best way to protect is simple: focus on the behavior of our [bank employee] users," he said. "I'm not talking about traditional awareness programs that just educate users. We need to put behavior-change efforts in place within the organization to make it easier for our users to spot these attacks, more likely that they report them, and to better protect their organizations. We haven't done a good job of that as an industry yet."

As hackers use the system to grow more cunning, workers must be aware of and ready to follow security guidelines so a tricky cybercriminal can't get the best of the system, said Litan.

"The attacks and unavailability of online systems opens the door for social engineering of bank staff by the hackers -- for example, call center staff who are overwhelmed with call volume when websites are down -- and the protections are only as good as the weakest link," she pointed out. "Hackers can socially engineer their way into successfully executing an illegitimate wire transfer by manipulating and fooling a sympathetic call center agent."

Comments

Post a Comment

Popular posts from this blog

How to use ng-href directive in AngularJS

ng-Href Directive                  ng-Href directive is hyper link markup to a text in angularJs. This hyperlink will change able to implement dynamic url {{hash}} value. Hash value to assign in a controller to happened user click event fire to assign dynamic url. This Value is undefined means it will return to 404 page. ng-Href directive Example  HTML:      <div ng-app="anchor">     <div ng-controller="anchorController">         <a ng-href="http://www.google.com" ng-click="show($event)">Anchor Tag</a>     </div>   </div> Javascript :  var anch = angular.module('anchor', []); anch.controller('anchorController',['$scope', '$window', function($scope, $window){     $scope.show = function(obj) {       $window.open(obj.target.href);     } }]); Result :  Demo
4 comments
Read more

A simple start and stop timer counter in angularjs

     AngularJs using to create a start and stop counting timer functionality application. This application is need the following directive like $interval and $filter , We create default time object is display current timer clock functions.         A timer counter is have three functionality as below that start, stop and reset. A start function is called to start the $ interval directive to active so now counter is begin, This moment you are unable to proceed a reset logic.         Stop function is is call to $ interval belongs one of the method like cancel , This method make corresponding active interval prose is stop it. Reset function is call to reset all scope value is to be zero. HTML: <div ng-app="timerApp">     <div ng-controller="timerController">         Current Time : {{time}} <br/>         <hr/>                <Button ng-click="timer_start()">Start</Button>         <Button ng-click=&
Post a Comment
Read more

How has lockdown impacted Indian farmers?

How has lockdown impacted Indian farmers?             Generally compare to other sectors it's not major impacted by our Indian farmers but we acceptable minor impacts. Here we separate major two farming cultures one is mono farming culture another one poly farming culture. Mono farming :             The major impacts from our Indian farmer for monoculture. Here I have briefly explained what are the things we had faced our local farmers. Here I explain two different crops type: Daily crops : * We harvest more than 100-kilo grams daily crops like brinjal but we unable to sell those in local markets. * We are unable to reach urban markets. * We don't have enough transport facilities. * We unable buy require fertilizer and other complements * In the early stage we are facing manpower shortage but later it's not an issue. * We unable to do value-added products. * Waste is very high for somedays Sessional Crops: * We major affect transport pr
Post a Comment
Read more