Friday, December 14, 2012

Lessening the impact of a DDOS attack


Bank robbery used to be simple. People in masks walked in with guns, real or pretend, and took whatever money was in the local vault. The first warning anyone got that a robbery was about to happen was when the robbers burst through the door in ski or comic masks. Today's "robbers" don't have to walk in the door to be effective. They can sit comfortably in their living rooms with their feet propped up and, in moments, commit crimes that undermine consumer confidence and a financial institution's reputation.
From a technologist's standpoint, the technique behind a DDOS (Distributed Denial of Service) attack is brute force. The target is an internet-facing server that can handle only so many simultaneous connections; flood it with more than that from many machines at once and legitimate customers can no longer get through. It is basic and easy to perform.

There are steps a bank can take proactively to lessen the impact of an attack. These require:

Planning

  • Banks with established incident response teams have a greater opportunity to control the impact of a denial of service attack.
  • Teams should rehearse an attack and the planned response.
  • Teams should have assigned roles and responsibilities, with multiple methods of contact for each person.
  • If a bank is a consistent target, cyber insurance should be considered.

Communication

  • Banks need to decide who will be the liaison with the FBI Cyber Unit, Homeland Security and any other security agencies that manage cyber incidents.
  • A phone tree should be created covering the security, legal, compliance, marketing or public relations, and technology people who have actionable roles.
  • A plan for communicating with customers through some channel other than the public call center numbers should be established, since those lines may themselves be swamped during an outage.

Active monitoring

  • Internet providers have tools that monitor traffic 24/7. Servers have tools that report the number of connections, broken down into successful, waiting and failed connections. Metrics that reflect normal traffic for the time of month and day should be readily available; there may be occasional outliers, but for the most part traffic is predictable. A rise in connections could be an attack beginning. When IT staff see this type of increase, it should be investigated and measures taken before the attack completely shuts down the bank's websites.
  • If a bank does not have this type of active monitoring, it should consider using a third party to either (a) host its web servers or (b) implement monitoring for the bank.
  • Monitoring the web server interfaces will again offer insight into predictable traffic patterns; outliers should be treated as potential signs of an attack.
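Detection logic of the kind the monitoring bullets describe, as an added example that is not code from the original post: it builds a per-weekday, per-hour baseline of connection counts by state from a constructed history, uses a median/MAD threshold so that the occasional outlier does not skew the "normal" level, and reports a hint about what kind of flood a rise looks like. The sample numbers, the state names (established, syn_recv, failed), the hourly sampling layout and the multiplier k=5 are all assumptions, not from the page.

```python
"""Added example, not code from the original post: flag an abnormal rise in
per-state connection counts against a baseline built from the same weekday
and hour in past weeks.

Assumed (not on the page): the monitoring system samples the server's
connection counts once per hour, split into established, half-open
(syn_recv) and failed connections, and keeps them as
(weekday, hour, state, count) rows. All numbers below are constructed."""
from collections import defaultdict
from statistics import median


def build_baseline(samples):
    """Return {(weekday, hour, state): (median, mad)}.

    Median and median absolute deviation (MAD) are used instead of mean and
    standard deviation so the occasional outlier the page mentions does not
    drag the 'normal' level upward and mask a later attack."""
    buckets = defaultdict(list)
    for weekday, hour, state, count in samples:
        buckets[(weekday, hour, state)].append(count)
    baseline = {}
    for key, counts in buckets.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[key] = (med, mad)
    return baseline


def check_sample(baseline, weekday, hour, counts, k=5, min_mad=1.0):
    """Compare one sample {state: count} with the baseline for its slot.

    Returns (alerts, missing): alerts is a list of (state, count, threshold)
    for states above median + k * max(mad, min_mad); missing lists states
    with no history for this slot, so a gap in the data is reported rather
    than silently treated as normal. min_mad keeps a perfectly flat history
    from producing a zero-width threshold."""
    alerts, missing = [], []
    for state, count in counts.items():
        key = (weekday, hour, state)
        if key not in baseline:
            missing.append(state)
            continue
        med, mad = baseline[key]
        threshold = med + k * max(mad, min_mad)
        if count > threshold:
            alerts.append((state, count, threshold))
    return alerts, missing


def classify(alerts):
    """Turn flagged states into a hint for the on-call team (a heuristic,
    not a verdict): half-open connections rising while established stays
    flat is what a SYN flood looks like from the server; established
    connections rising points at a connection-exhaustion flood."""
    flagged = {state for state, _, _ in alerts}
    if not flagged:
        return "normal"
    if "syn_recv" in flagged and "established" not in flagged:
        return "possible SYN flood (half-open connections rising)"
    if "established" in flagged:
        return "possible connection flood (established connections rising)"
    return "elevated " + ", ".join(sorted(flagged))


# Constructed history: four Fridays at 10:00, one row per state per week.
HISTORY = (
    [("Fri", 10, "established", c) for c in (820, 790, 860, 810)]
    + [("Fri", 10, "syn_recv", c) for c in (12, 9, 15, 11)]
    + [("Fri", 10, "failed", c) for c in (3, 5, 2, 4)]
)
BASELINE = build_baseline(HISTORY)

# Constructed current samples for the same Friday 10:00 slot.
QUIET_FRIDAY = {"established": 840, "syn_recv": 14, "failed": 4}
SYN_FLOOD = {"established": 830, "syn_recv": 4000, "failed": 6}
CONN_FLOOD = {"established": 9500, "syn_recv": 18, "failed": 40}


def assess(weekday, hour, counts, baseline=BASELINE):
    """Convenience wrapper: returns (verdict, alerts, missing)."""
    alerts, missing = check_sample(baseline, weekday, hour, counts)
    return classify(alerts), alerts, missing


if __name__ == "__main__":
    for name, sample in (("quiet", QUIET_FRIDAY), ("syn", SYN_FLOOD),
                         ("conn", CONN_FLOOD)):
        verdict, alerts, missing = assess("Fri", 10, sample)
        print(f"{name:5s} -> {verdict}; alerts={alerts}; missing={missing}")
```

Run as a script it assesses the three constructed samples. In a real deployment the history would come from the provider's or server's monitoring tool, the verdict would page the on-call team rather than print, and k would be tuned against a few weeks of genuine traffic so that month-end or payday peaks do not trip it.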

Training

  • Training employees to recognize an attack as it begins will go a long way toward lessening the potential impact.
  • Training customers to recognize malware that could enlist their own machines in an attack will also help.
  • Require two-factor authentication and train customers on the need to use separate passwords for their banking logins and their other browsing.

Successful patching program

  • Although a bank can't do much about zero-day exploits that the security vendors have not yet seen, a number of institutions are lax in their patching processes. Windows servers are no longer the lone targets. Teams can underestimate the exposure of the hypervisor layer, and with many institutions using virtual environments to reduce physical server overhead, an unpatched hypervisor is a potential gold mine for Trojans and malware.

If a bank is the target of a DDOS attack, chances are there will be some impact. The steps above are designed to lessen that impact.
