The Dangers of Denial-of-Service Ransomware Attacks on Bank IT Security
According to Europol’s annual IOCTA report, the most prominent threat to cyberspace is ransomware. In a subsequent press release, the FFIEC notes ransomware attacks against financial institutions are increasingly conducted with data extortion in mind. When a ransomware attack locks business critical data and prevents banks from servicing its customers, the attack becomes a denial of service attack. Once attacked, it isn’t as simple as paying the ransom or restoring from backup. How will you respond? Do you have a response team that springs into action at a moment’s notice? What prevention policies does your bank have in place? Developing appropriate preventative and response protocols are a necessity for banks.
How Ransomware Equals DDoS
Why consider ransomware to be a DDoS attack? The answer is simple: If your data is locked and encrypted by an attacker and this data is business critical, you will lose business. No bank can function if customers are locked out of conducting banking transactions either at a branch or via a cloud access point. For business banking customers that send and receive continuous streams of financial information to partner banks, losing access to financial data can be greatly debilitating, damaging not only their business operations as well but your bank’s reputation.
In pure risk terms, the average attack denies or limits data access for 12 hours, with costs running upwards of $1 million dollars in lost operations. I worked with a manufacturing client that lost three days of production time due to a ransomware attack that hit all the data points that fed information to the assembly line robots. Additionally, and despite paying the ransom, the attackers took with them manufacturing schematics and data, selling them on the open market. Ultimately, the attack caused the company to close. Now imagine what these attackers could do with the identities and financial information of a successful bank’s clientele.
Prevention Is Key
The best way to prevent a DDoS attack via ransomware is to have a preventative strategy in place. This cannot be stressed enough. A successful ransomware attack indicates that an attacker was able to gain access to a bank’s network, find the data storage areas in the network and take control of this data while preventing the bank and its customers from accessing it, while adding extortion demands as a cherry on top.
As attacks gain in sophistication, the need to saturate a network to shut banks down has been replaced by introducing malware that barely draws a blip with traditional security monitoring due to its low bandwidth and resource usage, as well its short duration of impact. In as little as a few seconds, attackers can neutralize firewalls and intrusion prevention systems (IPS) and use automated network penetration or scanning techniques to map out your network and key data points. This makes it easy for such attacks to slip by undetected until it’s too late. While seemingly a daunting task, banks may be surprised to learn that with help and some changes to security data policies already in place, banks can have adequate preventions in place.
I find it useful to break down a preventative DDoS ransomware attack plan down into five key target points:
- Event Remediation
- Attack Response
- Data Analysis
While this list gives a bank a great start in developing a prevention plan, there is one last item that ties all of this together. I highly recommend installing DDoS protection hardware that gives you a “set it and forget it” solution that can pick up and detect very low level ransomware attacks by detecting granular changes on a bank’s network. Combined with IBM’s QRadar, you will have an always-on, automated solution in place to detect and stop ransomware attacks before they start.
Another Set Of Eyes
Most security solutions on the market focus on recovery and not prevention. As banks come under attack by ransomware generated DDoS events, the banking industry must get tougher on prevention. A banking or financial institution can take a proactive stance in preventing these events by engaging Champion for readiness assessment and solution integration. A banking institution will only have true comprehensive into network incursions with true, tested, proactive preventions put into place, which Champion can deliver with its experience and skilled team.