Suspicious Activity Report
Introduction:
Cyber-criminals continually develop new and more sophisticated attacks to compromise as many information technology systems as possible. Despite continuous improvements in cybersecurity technologies, cyber-attacks keep increasing not only in number but in strength as well. No department or institution that depends on information technology systems is immune to cyber-attacks. Most of the time, cyber-attacks are carried out against large-scale organizations for monetary benefit, and the financial services sector is one of the major targets of cybercriminals. Financial institutions prepare a suspicious activity report whenever they observe unusual activity within their systems (Fligstein & Roehrkasse, 2016). The report helps in the detection and prevention of highly sophisticated attacks. Suspicious activities observed in a financial institution are often related to asset misappropriation, cybercrime, accounting, money laundering, bribery, and corruption. Each main category may have many subcategories with varying potential for causing financial loss.
Suspicious activity has been observed in the financial services sector; the details are listed below.
Threat:
Cyber-criminals constantly target financial institutions using sophisticated attack vectors that infiltrate the existing protection capabilities of the system. One such activity is the phishing attack. Phishing is a form of cyber-attack in which hackers and cybercriminals use look-alike web links to trick users into providing confidential information. Most institutions providing financial services to end users rely on internet-based technologies, such as online accounts that offer all banking facilities over the internet. End users access their accounts and perform banking-related activities by providing credentials that authenticate their identity to a remote server. Phishing attacks imitate the web links of online banking services to trick users into providing confidential information such as usernames and passwords.
The motivation of Threat Actors:
Attackers are motivated to collect as many credentials as possible through their phishing campaigns for monetary benefit. Once an attacker has a username and password, he can use them to access the system as a legitimate user. To broaden the scope of the malicious activity, the attackers not only forged look-alike links but also sent spam emails that looked like legitimate messages from the financial institutions but actually came from the attackers (Levi & Burrows, 2008). The emails contained links to reset the password of the online account, and end users were fooled by the criminals. Once the user clicks and opens the fake link, he is asked to provide his existing username and password, which are then sent to the attacker's command and control server, while nothing visible happens on the user's screen.
The incident was reported to the customer services of different financial institutions by consumers who said they were receiving many emails purporting to come from their financial institution. After a large volume of complaints, the matter was investigated by experts in the sector, who found that phishing attacks were targeting the financial services sector. Such a campaign, if successful, can be used to fund terrorist organizations.
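The lure described above (a password-reset message whose links point at look-alike hosts) is something a mail gateway or help desk can screen for mechanically. The following Go program is an added example written for this report, not code from the institutions or sources it cites. The institution domain examplebank.example and the sample email body are constructed; the checks it applies are the ones implied by the text: the link host must be the institution's domain or a subdomain of it, the visible link text must not name a different host than the real target, and institution links must use https. Punycode (xn--) host names are flagged because they can render as look-alikes of the real domain.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed value: the domain the institution actually hosts online banking on.
const institutionDomain = "examplebank.example"

// Constructed sample email body: a password-reset lure on a look-alike host, a link whose
// visible text names a different host than its real target, and one legitimate link.
const sampleEmail = `<p>Dear customer, your account will be suspended.</p>
<p>Please <a href="https://examplebank.example.account-verify.test/reset">reset your password</a> now.</p>
<p>Or sign in at <a href="http://examp1ebank.example/login">https://examplebank.example/login</a>.</p>
<p>Questions? <a href="https://www.examplebank.example/contact">Contact us</a>.</p>`

var (
	anchorRe   = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
	hostLikeRe = regexp.MustCompile(`(?i)\b(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b`)
)

// Finding is one suspicious property of one link.
type Finding struct {
	Href   string
	Reason string
}

// sameOrSubdomain reports whether host is domain itself or a subdomain of it.
// A plain substring check would wrongly accept "examplebank.example.evil.test".
func sameOrSubdomain(host, domain string) bool {
	host = strings.ToLower(host)
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// CheckLinks scans an HTML mail body and returns one finding per suspicious link property.
func CheckLinks(body string) []Finding {
	var findings []Finding
	for _, m := range anchorRe.FindAllStringSubmatch(body, -1) {
		href, text := m[1], m[2]
		u, err := url.Parse(href)
		if err != nil || u.Hostname() == "" {
			findings = append(findings, Finding{href, "unparseable or relative link"})
			continue
		}
		host := strings.ToLower(u.Hostname())
		switch {
		case strings.HasPrefix(host, "xn--") || strings.Contains(host, ".xn--"):
			findings = append(findings, Finding{href, "internationalised (punycode) host: " + host})
		case !sameOrSubdomain(host, institutionDomain):
			findings = append(findings, Finding{href, "host outside institution domain: " + host})
		case u.Scheme != "https":
			findings = append(findings, Finding{href, "institution link without https"})
		}
		// Visible text that names a host different from the real target is a classic lure.
		if dm := hostLikeRe.FindStringSubmatch(text); dm != nil {
			shown := strings.ToLower(dm[1])
			if shown != host {
				findings = append(findings, Finding{href, "text shows " + shown + " but link goes to " + host})
			}
		}
	}
	return findings
}

func main() {
	for _, f := range CheckLinks(sampleEmail) {
		fmt.Printf("SUSPICIOUS %-55s %s\n", f.Href, f.Reason)
	}
}
```

Run against the constructed body, the first link is flagged for a host outside the institution domain, the second twice (look-alike host and mismatched visible text), and the legitimate contact link is not flagged at all. A real deployment would also apply this to the message's Reply-To and sender domains, which the text above says were forged as well.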
Vulnerabilities in System:
Most of the time, cyber-attacks succeed because of inherent flaws in the software system. The early-stage investigation revealed that most of the critical machines in the sector were running outdated software that had been abandoned by the vendor. Vendors were no longer releasing security patches for these products because the product support life cycle of the legacy systems had ended, and the targeted organizations had failed to upgrade their systems within that life cycle. Attackers exploited these security loopholes to target innocent users. Financial institutions also noticed suspicious transactions in the online systems, which raised many concerns among information technology professionals working in the sector.
Many systems had no access to online update servers, leaving them vulnerable to potential attacks. During the last two years, ransomware attacks have used such vulnerabilities to target the financial services sectors of governments around the world. The following snapshot shows the percentage of reported frauds in the financial sector during 2009 and 2011 (Cummings, Lewellen, McIntire, Moore, & Trzeciak, 2012).
It is evident from the above graph that cybercrimes account for most of the financial frauds in the financial services sector. They can only be reduced by effective risk identification and mitigation plans that overcome the vulnerabilities in the system.
Impact on Critical Infrastructure:
The financial services sector is a vital component of the nation's critical infrastructure, so any attack on this sector also causes severe loss to the overall critical infrastructure of the country. The Department of the Treasury works with all relevant state, local, and private-sector partners to improve the sector's ability to prepare for and mitigate human-made threats, including cybercrime (Johansson & Carey, 2016). Financial institutions, from the largest institutions to community-based banks, provide a broad array of services that allow customers to make deposits and transfer funds to other parties. Given the critical nature of the sector, a successful attack on these institutions, such as the one observed in the phishing campaign, could shut down the whole financial system. Such a massive loss and risk is not affordable to any institution, public or private.
Actions Taken to Prevent the Attacks:
Since it was identified that the attackers could exploit vulnerabilities in the sector's software systems, it was decided to update all existing software to mitigate the potential risks of cyber-attacks. The updates were planned in different phases, because large-scale organizations cannot update existing systems quickly; backward-compatibility issues with legacy systems also had to be accounted for. During the first phase of the corrective actions in the mitigation plan, systems running obsolete UNIX-based applications were updated to a modern operating system.
The authentication mechanism for internet-based services has been changed, because a traditional password-based authentication system can be infiltrated by man-in-the-middle attacks; in the identified activity, criminals were able to collect credentials by fooling end users. To overcome the problem, digital certificate-based authentication and two-factor authentication have been made compulsory for all institutions in the financial services sector. Two-factor authentication has mitigated future attacks (Reurink, 2018). Whenever a user tries to access an online account, a notification with a one-time password is sent to the user's mobile device. The expiry time of the one-time password is kept very short to prevent brute-force attacks as well.
Therefore, even if the credentials of a particular entity are compromised, the attacker will not be able to authenticate to the financial institution's server without the consent of the concerned party. The measure has eliminated the risk of all future attacks of this kind. User awareness campaigns will also help people learn about the tactics criminals use to sabotage the system. Digital signature-based authentication at the application level will prevent online fraud by malicious and terrorist actors, because the communication will be encrypted with the Advanced Encryption Standard using a 256-bit key. The attackers will not be able to compromise the system even if they know the underlying encryption algorithm exactly, as long as the encryption keys are kept secret. All of these preventive actions have mitigated the risks of the observed suspicious activity for the future as well, making the system more secure and robust in performance.
After Action Report
The financial services sector always remains a top target for criminals who use hacking tools for monetary benefit. Cybercriminals constantly invent sophisticated attack techniques to compromise large numbers of computers and related information technology infrastructure. Phishing attacks are an important technique used by criminals to trick users of online services. Attackers made people click on forged links to obtain their login credentials. The stolen credentials were then sold on the black market and used by criminals to authenticate to the servers of financial services. The servers imposed no restrictions on user authentication. Reports from users were investigated, and financial institutions found suspicious transactions happening in the network.
The attack campaigns were successful because of vulnerabilities in the system. The investigation found that most of the information technology infrastructure in the sector was running obsolete software, leaving it a potential target for cyber-attacks. Targeted attacks can break the whole financial system, so mitigation steps were taken to reduce the threat surface. During the first phase of the corrective actions, all outdated systems were updated to the latest software available from the vendors of the legacy systems. The move helped patch the exploitable loopholes in the sector's information technology infrastructure.
To specifically overcome the issue of phishing attacks, two significant changes were introduced in the system. The first was the implementation of two-factor authentication for online financial services. Whenever the user tries to access the online financial system, a one-time password is generated and communicated to the owner of the account via a different channel, e.g. phone or email. The approach renders phishing campaigns useless: even if the attacker has the user's login credentials, he will not be able to authenticate without also having the one-time password. There can be a problem in the one-time password generation mechanism, because attackers can brute-force the service to bypass the two-factor authentication. The risk of brute-force attacks was mitigated by implementing a synchronous clock at the server end to generate short-lived passwords. Each password generated by the authentication server is valid for a very short time only.
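The clock-synchronised, short-lived one-time password described in the Actions Taken section and again here is the time-based OTP scheme of RFC 6238, built on the HMAC-based OTP of RFC 4226. The Go program below is an added example written for this report, not code from the institutions or the sources it cites. It derives the code from a 30-second time step, and on the server side adds the two controls the text says the brute-force risk depends on: a code is accepted only for the current step (plus the immediately preceding one to absorb network delay), an accepted code can never be reused, and a per-step counter of wrong guesses locks the account for that step. The 20-byte secret is the RFC 6238 reference-vector secret and is a constructed value; a real deployment provisions a random secret per user.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const (
	stepSeconds = 30 // each one-time password is valid for one 30-second step
	digits      = 6
	maxFailures = 5 // wrong guesses tolerated per step before the account locks for that step
)

// Constructed shared secret (the RFC 6238 reference-vector secret); in production each
// user gets a random secret provisioned at enrollment.
var demoSecret = []byte("12345678901234567890")

var (
	ErrInvalidCode = errors.New("one-time password invalid or expired")
	ErrReplay      = errors.New("one-time password already used")
	ErrLockedOut   = errors.New("too many failed attempts, try again later")
)

// hotp computes the RFC 4226 HMAC-SHA1 truncated code for a counter value.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation, RFC 4226 section 5.3
	code := (uint32(sum[offset])&0x7f)<<24 |
		uint32(sum[offset+1])<<16 |
		uint32(sum[offset+2])<<8 |
		uint32(sum[offset+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totpAt derives the time-based code (RFC 6238) from the server clock.
func totpAt(secret []byte, t time.Time) string {
	return hotp(secret, uint64(t.Unix())/stepSeconds)
}

// Verifier is the server-side state for one user.
type Verifier struct {
	secret   []byte
	failures map[uint64]int // wrong guesses seen in each time step
	lastUsed uint64         // step of the last accepted code, so a code cannot be replayed
	hasUsed  bool
}

func NewVerifier(secret []byte) *Verifier {
	return &Verifier{secret: secret, failures: make(map[uint64]int)}
}

// Verify accepts the code for the current step or the one just before it, rejects reuse
// of an accepted code, and locks out after maxFailures wrong guesses in a step.
func (v *Verifier) Verify(code string, now time.Time) error {
	step := uint64(now.Unix()) / stepSeconds
	if v.failures[step] >= maxFailures {
		return ErrLockedOut
	}
	candidates := []uint64{step}
	if step > 0 {
		candidates = append(candidates, step-1)
	}
	for _, c := range candidates {
		expected := hotp(v.secret, c)
		// Constant-time comparison so timing does not leak how many digits matched.
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			if v.hasUsed && c <= v.lastUsed {
				return ErrReplay
			}
			v.lastUsed, v.hasUsed = c, true
			return nil
		}
	}
	v.failures[step]++
	return ErrInvalidCode
}

func main() {
	v := NewVerifier(demoSecret)
	now := time.Now()
	code := totpAt(demoSecret, now)
	fmt.Println("first use:", v.Verify(code, now))
	fmt.Println("replay:   ", v.Verify(code, now))
}
```

The short validity window alone does not stop guessing: with six digits an attacker who may submit unlimited guesses inside one step still has a real chance, which is why the per-step failure counter (or an equivalent rate limit) is part of the verifier rather than an optional extra.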
The second change was the implementation of a digital signature-based authentication system to prove the identity of the client to the server. This measure mitigated the risk of man-in-the-middle attacks that steal users' login credentials. With the system in place, the password and other credentials of the end user are not transmitted over an insecure channel (Moore, Dynes, & Chang, 2016). All of the details are first encrypted using a digital certificate, with the private key of the sender. Digital certificates are issued by a trusted third party that plays the role of authenticator. The sender encrypts the contents of the message with the private key corresponding to the digital signature. On the server side, the message is decrypted using the server's private key along with the public key of the certificate. The public key is known to the overall system, while the private keys are known only to individual machines.
The public key cryptographic mechanism has mitigated the risk of theft of user credentials. The attackers will never be able to recover the original message even if they are aware of the underlying encryption algorithm; this holds as long as the private keys are kept secret. Even if this line of defense against cyber-attacks is somehow compromised, combined with the two-factor authentication system the mitigation techniques will render most attacks useless (Etzioni, 2011). The financial services sector is an essential component of the nation's critical infrastructure, and ensuring the confidentiality, integrity, and availability of its data is essential. Without appropriate risk reduction and mitigation plans, these objectives are impossible to achieve.
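The property the two paragraphs above rely on, that the client proves possession of a private key without ever sending a password, is a signature-based challenge-response. The Go program below is an added example written for this report, not code from the institutions or the sources it cites, and it uses Ed25519 from the Go standard library rather than an X.509 certificate chain (the enrolled public key stands in for the key a certificate would carry). The server name examplebank.example, the account name and the look-alike host in main are constructed. Two details carry the man-in-the-middle resistance the text claims: each challenge is a fresh random nonce accepted at most once, so a captured response cannot be replayed, and the signed transcript includes the server's own name, so a signature a look-alike site obtains from the client is rejected by the real server.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrUnknownAccount = errors.New("no enrolled key for account")
	ErrBadChallenge   = errors.New("challenge missing, expired or already used")
	ErrBadSignature   = errors.New("signature does not verify under the enrolled public key")
)

// Server keeps one enrolled public key and at most one outstanding challenge per account.
// Private keys never leave the client device, so nothing reusable crosses the network.
type Server struct {
	name     string // host name the client must bind its signature to
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}

func NewServer(name string) *Server {
	return &Server{name: name, enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

// Enroll stores the client's public key; with certificates this is the key the CA certified.
func (s *Server) Enroll(account string, pub ed25519.PublicKey) { s.enrolled[account] = pub }

// Challenge issues a fresh random nonce. Each nonce is consumed by exactly one
// Authenticate call, so a captured response cannot be replayed later.
func (s *Server) Challenge(account string) ([]byte, error) {
	if _, ok := s.enrolled[account]; !ok {
		return nil, ErrUnknownAccount
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[account] = nonce
	return nonce, nil
}

// transcript is the exact byte string both sides sign and verify. Including the server
// name means a signature produced for a look-alike site is useless at the real server.
func transcript(serverName string, nonce []byte) []byte {
	return append([]byte("login:"+serverName+":"), nonce...)
}

// signChallenge is the client side: sign the nonce bound to the server the client believes it is talking to.
func signChallenge(priv ed25519.PrivateKey, serverName string, nonce []byte) []byte {
	return ed25519.Sign(priv, transcript(serverName, nonce))
}

// Authenticate checks the response against the enrolled key and consumes the challenge.
func (s *Server) Authenticate(account string, nonce, sig []byte) error {
	pub, ok := s.enrolled[account]
	if !ok {
		return ErrUnknownAccount
	}
	expected, ok := s.pending[account]
	if !ok || !bytes.Equal(expected, nonce) {
		return ErrBadChallenge
	}
	delete(s.pending, account) // single use, whether or not the signature verifies
	if !ed25519.Verify(pub, transcript(s.name, nonce), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	srv := NewServer("examplebank.example")
	srv.Enroll("alice", pub)

	nonce, _ := srv.Challenge("alice")
	fmt.Println("genuine login:", srv.Authenticate("alice", nonce, signChallenge(priv, "examplebank.example", nonce)))

	// A look-alike site relaying the real challenge receives a signature bound to its own
	// name (constructed host), which the real server rejects.
	nonce, _ = srv.Challenge("alice")
	fmt.Println("relayed via look-alike:", srv.Authenticate("alice", nonce, signChallenge(priv, "examp1ebank.example", nonce)))
}
```

Note that this scheme authenticates the client by signing, not by encrypting the message with a private key: what crosses the network is a signature over a one-time challenge, which reveals nothing about the key and cannot be turned into a credential for a later session. Confidentiality of the rest of the session is the job of the TLS channel the text's AES-256 remark refers to, not of this exchange.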
Even as protective and risk mitigation techniques improve, cyber threats are also increasing, not only in number but in complexity as well. During the last two years, ransomware campaigns caused billions of dollars in losses through the encryption of critical data by criminals, who locked institutions out of their systems and demanded ransom money to restore access (Martin, Ghafur, Kinross, Hankin, & Darzi, 2018). The exponential growth of the cyber threat landscape has made it essential for the financial services sector to implement rigorous mitigation techniques to protect critical infrastructure. User awareness campaigns must also be initiated to educate general users of the system on how to differentiate legitimate web links from fraudulent websites.
There will always be trade-offs between the security and efficiency of the system; too much security will also impact the system negatively. Appropriate measures must be devised to make the sector more beneficial to end users and governments as well. The latest innovations in cybersecurity, such as artificial intelligence and machine learning algorithms, will help in overcoming these potential issues. Careful risk identification and appropriate risk mitigation plans must be part of the strategic planning of institutions operating in the financial sector. Otherwise, any breach of financial information can cause severe damage to the nation's critical infrastructure.
References
Cummings, A., Lewellen, T., McIntire, D., Moore, A. P., & Trzeciak, R. (2012). Insider threat study: Illicit cyber activity involving fraud in the US financial services sector. Carnegie Mellon University, Pittsburgh, PA: Software Engineering Institute.
Etzioni, A. (2011). Cybersecurity in the private sector. Issues in Science and Technology, 28(1), 58–62.
Fligstein, N., & Roehrkasse, A. F. (2016). The Causes of Fraud in the Financial Crisis of 2007 to 2009: Evidence from the Mortgage-Backed Securities Industry. American Sociological Review, 81(4), 617–643.
Johansson, E., & Carey, P. (2016). Detecting fraud: The role of the anonymous reporting channel. Journal of Business Ethics, 139(2), 391–409.
Levi, M., & Burrows, J. (2008). Measuring the impact of fraud in the UK: A conceptual and empirical journey. The British Journal of Criminology, 48(3), 293–318.
Martin, G., Ghafur, S., Kinross, J., Hankin, C., & Darzi, A. (2018). WannaCry-a year on. BMJ: British Medical Journal (Online), 361.
Moore, T., Dynes, S., & Chang, F. R. (2016). Identifying how firms manage cybersecurity investment. University of California, Berkeley.
Reurink, A. (2018). Financial fraud: a literature review. Journal of Economic Surveys, 32(5), 1292–1325.