How Dark is the Dark Web Part 2: Banking in the Dark

As long as banks have money, there will always be bank robberies. However, the shouts of “Nobody move, nobody gets hurt” have been replaced by the dull clicks of hacker keystrokes halfway across the globe. Hackers treat banks as their personal ATMs. They slip in and out of hidden cyber tunnels with bags of digital coin or sell the keys to the bank’s front door to the highest bidder.

All banking cyber-attacks start with a motivation, which is important to understand in order to properly protect organizations and customers. Cybercrime groups, scammers and even state-sponsored actors have two general motivations for attacking a financial institution:

  1. Financial: These groups focus on fraud, burglarizing ATMs, executing transactions through the SWIFT system and penetrating intranets of financial organizations through the use of banking malware.
  2. Political: These hackers are difficult to categorize, since they may be directly employed by an arm of a national government or may be from an organized crime entity employed by a national government. Think of recent hacks like the one on JP Morgan Chase, which was attributed to an undefined group in Russia. They aim to create public fear and distrust or damage a country’s financial stability.

The dark web is a comfort zone and resource-rich playground for bad actors in both of these groups. There they can readily obtain important intelligence, such as compromised bank employee login credentials, stolen data, source code, leaked credit cards and other information about the organization and its customers to aid in accomplishing their specific goals. From 2017 to 2018 there was a 151 percent increase in attack indications on the dark web targeting financial institutions, according to IntSights’ research.

Many banks and financial organizations still do not consider the dark web as part of their security strategy or digital attack surface as it doesn’t constitute a direct attack on an organization, like ransomware or phishing. However, insight into dark web activity is extremely important as it can identify early indications and the motivations behind attacks against customers, employees and corporate systems.

Based on IntSights’ data of leaked banking information, there was a 135 percent year-over-year increase in financial data being sold on dark web black markets. Knowing what information has been compromised and sold gives security teams the rare option to play offense rather than defense.

Here are five early detection and mitigation considerations that take into account (no pun intended) how the financial sector can leverage the dark web to reduce successful attacks.

1) Use Threat Intelligence to Take a Proactive Approach

By monitoring common hacker activity across the clear, deep and dark web, you can identify key attack indications early, and shift your focus from reactive response to proactive mitigation.

2) Evaluate Risks – Not Just Compliance – to Increase Security

There are cybersecurity threats that have nothing to do with ISO certifications, SSAE certifications, or any other compliance-related protocol. Focusing on risk, instead of simply on compliance, can help increase an organization’s security levels and ensure you’re working on stopping threats, not meeting compliance standards.

3) Leverage Automation Tools to Sift Through the Noise

Implementing automation software that allows your employees to focus on acting, instead of searching for where they need to act, can help security teams filter through the massive amounts of dark web data to identify and respond to relevant threats.

4) Track Threats Specific to Your Organization

Many cyberattacks could be prevented if it were clear that a specific threat or vulnerability could be used against the organization. By monitoring and tracking specific threat types and threat actors, an organization can better prepare for and defend against cyber threats.

5) Never Underestimate the Power of Cyber Security Training

Employees are always a weak link in the cybersecurity chain. By training your entire organization to be aware of common hacker tactics, you can significantly strengthen your defenses against one of the most common and successful attack vectors for cybercriminals. Make sure you have a practical and effective security awareness and training program in place that includes the importance of understanding dark web threats.

The current reality is that the dark web is an extremely efficient marketplace and trading venue for cybercriminals, organized crime networks and state-sponsored actors. That is what makes dark web threat intelligence all the more important today, because what you can’t see can hurt you.

For further information on the latest cyber trends and threat actors targeting financial and banking companies, you can download IntSights’ Financial Services Threat Landscape Report.


Financial Services Threat Landscape Report: July 2018
