//////////////////////////////////////////////////////////////////////////
attacks and other high-impact fraud threats
by analysing user activity from the moment
they start a new session to when they log off
from a website or mobile app.
Finally, Adaptive Authentication provides
transaction-level risk analysis using advanced
Machine Learning capabilities, authenticates
end-users and detects and prevents
fraudulent transactions, across numerous
channels, to minimise financial risk.
of vulnerabilities and errors were
discovered in smart contracts, on which a
number of financial institution’s services
have been built.
• More supply chain attacks in the
financial sphere. Large financial
organisations invest considerable
resources in cybersecurity, thus the
penetration of their infrastructure is
not an easy task. However, a threat
vector that is likely to be actively used
EMPLOYEES NEED TO BE EDUCATED
TO ENSURE THEY AVOID CLICKING ON
LINKS IN TEXT MESSAGES OR EMAILS
FROM UNFAMILIAR SENDERS.
Amir Kanaan, Managing Director for the
Middle East, Turkey and Africa
Cybercriminals vs financial
institutions in 2018: The key
threats this year
AMIR KANAAN, MANAGING
DIRECTOR FOR THE MIDDLE EAST,
TURKEY AND AFRICA
• Attacks via the underlying Blockchain
technologies of financial systems.
Almost all of the world’s large financial
organisations are actively investing in
systems based on Blockchain technology.
Any new technology has its advantages
but also a number of new risks. Financial
systems based on Blockchain do not exist
autonomously, therefore vulnerabilities
and errors in Blockchain implementation
can enable attackers to earn money and
disrupt the work of a financial institution.
For instance, in 2016 to 2017, a number
www.intelligentcio.com
by cybercriminals in the coming year is
attacks on software vendors supplying
financial organisations. Such vendors,
for the most part, have a weak level of
protection compared to the financial
organisations themselves.
• ATM malware automation. The first
malware for ATMs appeared in 2009 and
since then these devices have received
constant attention from cyberfraudsters.
There has been a continuous evolution
of this type of attack. The past year saw
the emergence of ATM malware-as-a-
service and the next step will be the full
automation of such attacks – a mini-
computer will be connected automatically
to an ATM, leading to malware
installation and jackpotting or card data
collection. This will significantly shorten
the time needed for intruders to commit
their crime.
• More attacks on cryptoexchange
platforms. For the past year,
cryptocurrencies have attracted a huge
number of investors, which in turn has
led to a boom in new services for trading
various coins and tokens. Traditional
players in the financial market, with highly
developed cybersecurity protection,
haven’t rushed to enter this field. This
situation provides attackers with an ideal
opportunity to target cryptocurrency
exchanges. On the one hand, new
companies haven’t managed to test their
FEATURE: FRAUD PREVENTION
security systems properly. On the other
hand, the entire cryptocurrency exchange
business, technically speaking, is built on
well-known principles and technologies.
Thus, attackers know, as well as have,
the necessary toolkit to penetrate the
infrastructure of new sites and services
working with cryptocurrencies.
• Traditional card fraud spikes due to
data breaches of the previous year.
Big personal data leaks – including the
Equifax case, which resulted in more
than 140 million US residents’ data
being leaked to cybercriminals, and the
Uber case, when the data of another 57
million customers was leaked, has created
a situation where traditional banking
security can seriously fail, because it’s
based on the analysis of data about
current or potential customers. For
example, detailed knowledge of a victim’s
personal data can allow attackers to pose
as a banking customer and extract their
victim’s money or security information,
while to the bank concerned, their request
looks legitimate.
Conclusion
During the past few years, the number
and quality of attacks aimed at
financial sector organisations has grown
continuously. These are attacks on the
infrastructure of an organisation and its
employees, not its customers. The financial
institutions that have not already thought
about cybersecurity will soon face the
consequences of hacker attacks. And these
consequences will be incompatible with the
continuation of these businesses: they will
lead to a complete halt in operations as well
as extreme losses.
To prevent situations like this from
happening, it is necessary to constantly
adapt security systems to new emerging
threats. This is impossible without analysing
data and information about the most
important and relevant cyberattacks aimed
at financial organisations.
An effective approach to combating
attacks will be for banks to choose the
right security solutions, but also to use
specialised intelligence reports on attacks
as these contain information that must
be implemented immediately into overall
protection systems. n
INTELLIGENTCIO
35