Coordinated attacks on financial firms, also known as ATM cashouts, threaten the security of transactions and the integrity of banking systems overall. An ATM cashout is a coordinated attack on multiple branches of financial institutions. Once criminals gain access to the network, they spoof ATM cards and withdraw funds from client accounts within a matter of hours.
Firms are taking a strong stance against these attacks in many ways. The primary way is to develop a keen focus on network security, proper patching of software, and a strong employee awareness training effort.
By developing these efforts, financial firms have a chance to identify and thwart network attacks before they become the next victim of a network breach featured in the news.
The New Face of Coordinated Attacks
One financial firm that made headlines as the victim of a coordinated attack is Cosmos Bank, one of the oldest financial institutions in India. To fully understand how to protect their firms, financial institutions are reviewing the specifics of the August 14 ATM cashout attack on Cosmos Bank.
The FBI issued a confidential alert to financial institutions two days before, warning that cybercriminals were planning to conduct a global cashout attack in the coming days.
Cosmos Bank disclosed that bad actors had withdrawn $11.5 million from ATMs and had withdrawn an additional $2 million through fraudulent bank transfers. The criminals used 450 cloned debit cards across 28 countries.
What Went Wrong
The Cosmos Bank attack, and coordinated ATM attacks like it, involve sophisticated planning on the part of the cyber attackers. They attack payment processors or banks to gain access to customer accounts and create fraudulent debit cards. They also introduce malware into the financial firm’s network, usually through spear phishing or social engineering. Both of these techniques depend on unwitting employees giving bad actors access to their internal networks.
Once the malware is introduced, it may lie dormant for days or even months. In the case of Cosmos Bank, once the malware was activated, it created a proxy switch, which approved the fraudulent transactions and lifted the restrictions on the number and dollar amount of customer transactions that could be made in a day.
Safeguarding Your Firm from ATM Cashouts
In the face of these attacks, which the FBI warned could “continue or possibly increase in the near future,” it’s vital to ensure your firm has every possible safeguard in place. To shore up your firm’s security, consider reviewing these four areas: network security, software patching procedures, employee cybersecurity awareness, and customer cybersecurity awareness.
Increasing Network Security
As cyberattacks have grown in sophistication, so have cybersecurity solutions. The first step to increase network security is to scrutinize your current approach to it. Though most firms use firewalls for network protection, today’s malware is typically introduced from within the network.
That’s why financial firms are turning to a layered security approach to prevent these attacks. A layered security approach protects your firm at every level. Layered security may include:
- Physical security measures at vital sites
- Using virtual private networks to microsegment your network, isolating potential threats
- Multi-factor authentication, which protects system access
- Proactive monitoring tools
- Incident response plans
Proactive monitoring tools can trace the path of transactions across your network. They can detect unusual or implausible transactions, such as the same card being used in multiple locations within an unrealistic time frame. Monitoring tools also detect ATM cashout attacks by reviewing the number of transactions coming in from a specific terminal or terminals that are isolated from your network.
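The two checks described above (one card in distant places too quickly, and too many withdrawals from one terminal) can be sketched as follows. This is an added example, not code from any monitoring product or from DataComm; the record fields, terminal names, coordinates and all three thresholds are assumptions, and the sample records are constructed.

```python
import math
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Txn = namedtuple("Txn", "card terminal lat lon ts")
MAX_SPEED_KMH = 900.0            # assumed ceiling, roughly airliner cruise speed
WINDOW = timedelta(minutes=10)   # assumed sliding window per terminal
MAX_PER_TERMINAL = 3             # assumed withdrawals allowed inside WINDOW

def haversine_km(a, b):
    """Great-circle distance in km between the terminals of two transactions."""
    p1, p2, dl = math.radians(a.lat), math.radians(b.lat), math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def implausible_travel(txns):
    """Same card at two places sooner than MAX_SPEED_KMH could carry it."""
    by_card = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.ts):
        by_card[t.card].append(t)
    alerts = []
    for card, rows in by_card.items():
        for prev, cur in zip(rows, rows[1:]):
            km = haversine_km(prev, cur)
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            # km > 1 ignores repeat use of one terminal or neighbouring machines
            if km > 1 and (hours == 0 or km / hours > MAX_SPEED_KMH):
                alerts.append((card, prev.terminal, cur.terminal, round(km)))
    return alerts

def terminal_bursts(txns):
    """Terminals with more than MAX_PER_TERMINAL withdrawals inside WINDOW."""
    by_term = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.ts):
        by_term[t.terminal].append(t.ts)
    # MAX_PER_TERMINAL + 1 consecutive timestamps spanning <= WINDOW is a burst
    return sorted(term for term, s in by_term.items()
                  if any(s[i + MAX_PER_TERMINAL] - s[i] <= WINDOW
                         for i in range(len(s) - MAX_PER_TERMINAL)))

# Constructed sample records (card, terminal, lat, lon, time); not real data.
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE = [Txn("C1", "ATM-A", 18.52, 73.86, T0),
          Txn("C1", "ATM-B", 43.65, -79.38, T0 + timedelta(minutes=20)),  # ~12,500 km
          Txn("C2", "ATM-A", 18.52, 73.86, T0 + timedelta(minutes=1)),
          Txn("C2", "ATM-D", 19.08, 72.88, T0 + timedelta(hours=4))]      # ~120 km
SAMPLE += [Txn(f"C{n}", "ATM-C", 50.45, 30.52, T0 + timedelta(minutes=2 * n)) for n in range(3, 7)]

if __name__ == "__main__":
    print(implausible_travel(SAMPLE), terminal_bursts(SAMPLE))
```

In the sample, card C1 is flagged for appearing at two terminals about 12,500 km apart within 20 minutes, card C2's 120 km trip over four hours passes, and terminal ATM-C is flagged for four withdrawals by four different cards in six minutes.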
Many proactive monitoring systems use artificial intelligence (AI) to further increase security. AI automates threat monitoring, providing enhanced security without burdening your IT staff. AI uses predictive analytics, uncovering potential weaknesses in your network that you can address in real time before they become a problem.
Unpatched software can lead to vulnerabilities, but proper software patching is a labor-intensive process for your IT team. The amount of manual labor involved increases the chances of human error. To ensure you have the appropriate patches in place, your team should systematically scan for patches and install those patches on a regularly scheduled basis. Some firms are turning to trusted partners to handle patch management and implementation, freeing up their staff to focus on other security goals.
Employee Awareness Training
Employees are often at the root of malware attacks. They are targeted through increasingly sophisticated means. For example, a cybercriminal may spoof the account of a CEO or company executive and ask an employee to send sensitive data. The employee complies, not realizing they’re responding to a request from a bad actor.
Consider training every employee at your firm on cybersecurity measures. CEOs and other executives are especially attractive targets to cybercriminals because of the access they have to sensitive, critical information on your network. Employees should be skeptical of any email with an attachment or outside link. If employees are asked to send sensitive information via email, they should confirm the request is legitimate before sending.
Employee awareness training can significantly decrease the chances of a bad actor gaining access to your network when integrated with other tools like web content filtering, email spam filtering, advanced threat protection (ATP), IDS/IPS (intrusion detection and prevention), firewall monitoring and reporting, endpoint protection (antivirus), data loss prevention (DLP), security information and event monitoring and management (SIEM) services, and regular security checks such as pen tests, vulnerability assessments, and remote social engineering assessments.
DataComm: Your Trusted Partner
Coordinated attacks like ATM cashouts pose a real threat to financial firms. To protect our customers, at DataComm we offer network security services such as:
- Real-time IDS/IPS
- Firewall monitoring and reporting
- Security event log monitoring
- Spam filtering
- Email encryption
- Advanced threat protection (ATP)
- Endpoint protection (antivirus)
- Data loss prevention (DLP)
- SIEM services
This is in addition to other managed services: network management and monitoring, patch management, 24-hour help desk, data backup, secure file transfer, unified communications, and more. We know the importance of incorporating security solutions while maintaining compliance, and we're ready to help. Contact us today for more information on how we can increase the security of your firm.