Co-ordinated attack and increasingly sophisticated malware deployments places businesses at greater risk than ever before

marsh thecityuk cyber risk cybercrime

The rapid migration of business and personal information into the digital stratosphere has largely taken the world by surprise. Global interconnected technology platforms have created a base not only for businesses to bound into previously untapped markets at the touch of a button, but also given criminals a new and arguably easier way to operate. The amalgamation of both has exposed the vulnerability of large companies such as the recent attack on Chilean bank Banco de Chile, and the Carbanak/Cobalt attack.

Indeed, financial institutions are particularly vulnerable. Jim Heinzman, EVP, Financial Services Solutions, at ThetaRay in New York, highlighted some recent digital thefts and how new cyber risks have spawned novel defences. “A recent example of a co-ordinated attack happened at Banco de Chile. While the details will continue to evolve, it appears now that a co-ordinated attack first deployed a virus into the bank’s systems causing the firm to disconnect 9000 computers in order to protect their customer records. As this virus was causing a serious disruption an apparent separate attack was used to siphon off $10 million using the SWIFT payment network.”

This pales in comparison to the more advanced cyber attack referred to as Carbanak/Cobalt, which used a series of increasingly sophisticated malware deployments to eventually channel inflated bank account balances to transfer money electronically and, separately, dispense cash at ATMs at prescribed times for their money carriers to pick up, added Heinzman.

“This attack, evolving over years across 14 countries and over 100 financial institutions could have been worse. If the intent was not just to steal money under the radar but instead by some terrorist group or rogue nation to disrupt markets, the results could be much more severe,” he cautioned.

The simultaneous shut-down of the Toronto and Montreal Stock Exchanges in April showed how cyber-criminals can and will exploit single points of failure to cause widespread financial market disruption in the future using advanced threats. “These co-ordinated attacks led with advanced malware, increasingly becoming weapons of cold cyber wars and terrorists, are the principal long-term threat to the industry,” according to Heinzman.

Cyber currencies, related exchanges, and blockchain technology are most vulnerable to attacks. Simply because of the proliferation of these processes that push the envelope of technology and financial markets innovation, many smart security practices are wilfully or ignorantly overlooked, says Heinzman. However, given the scale of crypto-currency today, this is not yet a critical risk to the financial industry.

“We have seen numerous attacks against the SWIFT network that have netted criminals significant monetary gains and have begun to undermine the perceived safety and security of the network,” continued Heinzman. “Using advanced technologies to protect the network and defend against future attacks is paramount to ensure continued security and confidence in the network.”

New security methods

Detecting the rapidly evolving threats to financial institutions, markets, and their customers is a major challenge, but some companies are at the forefront of solving this by leveraging advanced artificial intelligence methods, including deep learning and unsupervised machine learning algorithms. ThetaRay, a cyber security and big data company, is one of them.

It is forging close partnerships with global financial institutions, leading industrial firms, consultants, regulators, and other key market participants to establish a shared understanding of market pains and priorities to solve them.

In London this May, ThetaRay convened a dozen leading financial institutions and the Financial Conduct Authority to discuss their needs and how to tackle cyber-security and financial crimes such as AML, terrorist financing and human trafficking, in addition to fraud and ATM security.

Transport networks under attack

The land-based global transport network is just as vulnerable as financial systems to cyber attack. Israel Baron, head of cyber at Israel Railways, argues that preventing trains and railway systems from attacks is a complicated task. This is because, until recently, most systems were not secured due to a misconception that railway control systems are ‘air gapped’, and as such are safe from hackers.

The UK Department for Transport in 2016 acknowledged that railway systems are becoming more vulnerable to cyber attacks. Transport systems are increasingly being linked network controls and automation systems, which can be accessed remotely via public and private networks. Darktrace claim is telling of the scale of the problem. In 2016, it claimed that the UK rail network had been hit by at least four major cyber-attacks over a 12-month period.

Israel Railways’ Baron explains that some solutions include secured and encrypted communication channels to locomotives and using predictive analysis on signalling systems, which feature a limited and known amount of commands and low volumes of data. Under the guidance of regulator the National Cyber Security Authority, Israel railways are building state of the art monitoring systems to detect and neutralise hostile cyber activity.

Cyber Week

Such is the critical state of essential infrastructure’s vulnerability to network attack that this year’s Cyber Week in Tel Aviv, Israel, dwelt upon the nightmare scenario of military jets falling out of the sky, financial systems paralysed and the railway network brought to a shuddering standstill.

To grab the 8,000-strong international audience’s attention at Tel Aviv University, Prime Minister Benjamin Netanyahu, a principal speaker at the eighth annual gathering, was interrupted by an on-stage announcement that all the attendees’ bank accounts had just been hacked.

The audio clip intoned “Ironic, isn’t it? A conference dedicated to cybersecurity being hacked.”

“We are based in a country not far from Israel. That’s all you need to know for now. The bank accounts of everyone sitting in this hall have just been frozen. The intellectual property of your companies is in our hands, so are your private conversations. This information is being sent to your competition and your enemies,” it went on.

It may have been a jocular episode in an otherwise serious conference, but, as Netanyahu said, “This is a supreme test for our civilisation. It is going to be tested not only by criminal organisations, by terrorists, but by other states. This is why we’re holding this cyber conference here. It is to protect the present and ensure the future, no less than that.”

“In the digital age there will be no silver bullet, it doesn’t exist. We can monitor quite a bit, we can stop a lot, but we need to keep racing ahead,” he added, praising the cybersecurity ecosystem in Israel, saying the country is “punching at 200 times above our weight here.”

Israel’s reputation as a world leader in cybersecurity is well established. Earlier this year, former CIA director Gen (Ret) David H. Petraeus labelled Israel a ‘cyber superpower’; according to an April 2018 report by CB Insights, Israel is home to the second-largest number of cybersecurity deals globally.

Israel boasts 20 percent of all global private investments in cybersecurity, the prime minister revealed, adding the country’s cyber exports last year amounted to $3.8 billion. Also in 2017, Israeli cybersecurity firms raised a record $814.5 million in 81 deals both in venture capital funds and private equity, while exits accrued $1.4 billion, according to a January 2018 report on Israel’s cyber sector by Start-Up Nation Central. There are also a recorded 474 active cybersecurity startups and companies operating in Israel.

A new Cyber Security Complex in the southern Israeli city of Beersheba would boost cooperation across agencies and become a leading global authority on cybersecurity, according to Netanyahu. An hermetically-sealed ‘cyber shield’ is currently undergoing construction, a virtual version of Israel’s ‘Iron Dome’ missile defence system.

UK firms have acknowledged Israel’s cyber security prowess. “Israel is known to be a global centre for cyber innovation. If we aren’t tapping into that we’re missing a huge trick,” says Mike Hodgson, Head of Innovation Engagement at BT Security. Part of the bilateral tech relationship is UK Israel Tech Hub, a flagship programme facilitating 175 business relationships with a potential benefit of £800 million to both nations’ economies.

Yigal Unna, Director-General of the Israel National Cyber Directorate, said Israel’s three-tiered approach to cyber security embraced market robustness, systemic resilience and national defence. The directorate’s overall strategy is to fold technical and political methods into one operational unit to build capacity for Israel’s cyber defence.

Other speakers at Cyber Week included the head of Israel’s Internal Security Agency (Shin Bet), Nadav Argaman, former Israeli PM and minister of defence Ehud Barak, as well as a number of representatives from leading global tech companies, such as IBM, Microsoft, and Intel.

Founders and CEOs of Israeli cybersecurity companies presented riveting panel discussions. These included CheckPoint founder and CEO Gil Shwed who received the inaugural Israel Prize for innovation and high-tech. Other notable sessions featured Cybereason co-founder Yossi Naar, whose firm raised $100 million last year, and Team8 CEO and co-founder Nadav Zafrir, a former commander of the Israeli military’s renowned Intelligence Corps Unit 8200.