everyone: older news
by Brent Kirkpatrick
(Date Published: 03/23/2017.)
Imagine having a crook on your bank's computers for five years. They can pilfer client information, embezzle, engage in insider trading, change credit scores, and give themselves loans.
The only way to catch skilled crooks is by manually checking account balances, payments, transactions and contracts. This is because hackers cover their electronic tracks and evade automated methods of catching them. For example, if your IT team uses Tripwire or some other automated intrusion detection system, the hackers prioritize evading or disabling it. Similarly, they prioritize disabling virus scanners.
Some companies are so severely compromised that they adjust to having a hacker on their systems and come to consider a clean computer suspect because of the absence of hacker activity. For example, if a hacker's backdoor causes certain log reports to be generated, IT teams can learn to expect those reports, flag them as normal, and raise an intrusion alert when those reports are absent.
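As an added example (not from the original post), the following Python models the two baselines at issue: one learned in place from a host that was already compromised, so the attacker's report becomes "normal" and its absence raises an alert, and one anchored to a documented list of approved reports. Hostnames, report names and log lines are constructed.

```python
from collections import defaultdict

# Constructed logs, one line each: "<day> <host> <report-type>".
# The learning window (day1..day3) already contains the attacker's
# "backdoor-heartbeat" report, as described in the post.
COMPROMISED_WINDOW = """\
day1 host-a nightly-backup-ok
day1 host-a backdoor-heartbeat
day2 host-a nightly-backup-ok
day2 host-a backdoor-heartbeat
day3 host-a nightly-backup-ok
day3 host-a backdoor-heartbeat
"""

# Constructed: the same host after the backdoor was removed.
CLEAN_DAY = "day4 host-a nightly-backup-ok\n"

# Constructed: a baseline anchored to documented, approved reports
# rather than to whatever the host happened to emit while compromised.
APPROVED_REPORTS = {"nightly-backup-ok"}


def parse(log_text):
    """Yield (day, host, report) tuples, skipping blank lines."""
    for line in log_text.splitlines():
        if line.strip():
            day, host, report = line.split()
            yield day, host, report


def learn_baseline(log_text, min_days):
    """Treat report types seen on at least `min_days` distinct days as normal.

    This is the learn-in-place approach the post warns about: anything the
    attacker emits steadily during the window becomes part of "normal"."""
    days_by_report = defaultdict(set)
    for day, _host, report in parse(log_text):
        days_by_report[report].add(day)
    return {r for r, days in days_by_report.items() if len(days) >= min_days}


def check_day(baseline, day_log_text):
    """Return (missing, unexpected) for one day's logs against a baseline.

    `missing` are baseline reports that did not appear (absence alert);
    `unexpected` are reports outside the baseline (presence alert)."""
    seen = {report for _day, _host, report in parse(day_log_text)}
    return baseline - seen, seen - baseline
```

Checking the clean day against the learned baseline reports the backdoor heartbeat as missing, which is the inverted alert the post describes; checking any compromised day against the approved baseline flags the same report as unexpected.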
Worms provide the most effective entry point for hackers. A worm lets them gain access to all of the bank's computers at the same time. From there, hackers can install backdoors through which they retain access after the worm is cleaned up. These backdoors are so deeply embedded in the systems that most IT people fail to detect them and fail to prioritize them for clean-up.
As a rule of thumb, the longer an organization has been hacked, the harder it is to clean up its systems. This is because the hacker's goal is to retain access while remaining undetected. They do this by placing backdoors in parts of the system that are difficult to patch, and they strategically choose machines for leap-frogging their attacks. Indeed, they may use a backdoor from a previous worm to release a new worm, Trojan or virus.
Banks handle financial information that is subject to the privacy provisions of the Gramm-Leach-Bliley (GLB) Act. Banks are responsible for reporting privacy violations to their clients. For credit cards, there is a proprietary security standard, the Payment Card Industry Data Security Standard (PCI DSS).
defendIT (TM). AI-driven security measures derived from security incident data.