Cyber attacks get more vicious
With cyber attacks getting more fierce and dangerous, the basic rule stands: Do not fall for the temptation of opening attachments or links, even if they seem to come from a friend or relative on social media accounts like Twitter or Facebook.
Yes, cyber hackers are using the power of social networking to propagate their malwares, and they are seeing how quickly this can spread across the globe.
The New York Times reported that it took only one attempt on a Twitter post of a targeted Pentagon official for Russian hackers to make its way into the US government’s computer system, and which is now a broiling issue for the Trump government.
The link on a Twitter post seemed innocuous, like most harmless ads promising bargain vacation packages for the whole family. And it surely was enough to make the targeted government official click on the link. Malwares on Twitter or Facebook
Most people have already been trained to keep away from dubious attachments on their e-mails, and this seems to be working, to the dismay of cyber criminals. But having malwares on Twitter or Facebook is a totally different story, and one that needs a more discerning eye.
A recent report showed that roughly 30 percent of spear phishing e-mails is opened by their targets. On the other hand, 66 percent of spear phishing messages sent through social media sites were clicked on by their target victims. Protecting users
Recognizing the new dangers posed by malwares on their sites, Twitter and Facebook have started coming up with measures to counter these attacks. Facebook, in particular, is reportedly now using specialized notifications, detection systems, and user education to protect its users.
This also includes highlighting the need for users to keep their profile settings private so that only those people who really matter can access or see their posts on Facebook or tweets on Twitter.
Other cyber security experts also suggest checking the link’s actual URL by putting the mouse’s arrow over the link: if it contains many strange characters or is overly long, best to ignore the link and warn others to be wary of the site.
On Twitter, check the accounts that follow you. If it’s someone that follows you and thousands of others, but only posts impersonal links, the Twitter account, holder is likely to be a bearer of bad news. Best to immediately block this.
If you can afford it, get a comprehensive internet security program installed on you computer to spot, block, and remove malwares. WannaCry
WannaCry, the latest and reportedly most vicious cyber attack targeting consumers, did not exactly pose a real threat to the banking industry – yet. But it showed the desperation of cyber criminals to extort money from its victims using the internet.
WannaCry is a ransomware that locks people out of their computers and demands hundreds of dollars from the user to gain back control of their computer data. It affected 200,000 computers in 150 countries, with those living in Russia, Ukraine, India and Taiwan reportedly the most affected.
The ransomware had been quickly quashed when a 22-year old security researcher in the UK discovered a “kill-switch” that stopped its spread. According to experts, the perpetuators barely made $100,000 during its brief life.
The ransomware is believed to share the same code as that previously used by the Lazarus Group which was responsible for the cyber attack on Sony Pictures in 2014 and the Bangladesh bank heist in 2016. Whether this is true or not, WannaCry triggered the Philippine media to solicit a response from the Bangko Sentral ng Pilipinas. Banking security
The Bangladesh incident happened more than a year ago wherein about $81 million was lost to hackers. But the scope of the attack and its potential harm has sent the global banking system shoring up its security walls even higher to prevent other attacks.
Not that the Bangladesh Central Bank was the first — or worst attack — of its kind. In 2015, the Carbanak hacking group claimed responsibility for stealing more than $1 billion from several financial institutions using a similar scheme.
By infiltrating the bank’s system and observing the bank’s internal processes and procedures, the cyber bank robbers were able to plan their next steps. In the case of 2015 heist, Carbanak attacked through fraudulent ATM, cash transactions, and money transfers.
With the Bangladesh bank, it used the Swift network that banks use to transfer money. In this case, it was accessing Bangladesh’s bank account at the Federal Reserve Bank of New York, and subsequently transferring funds to accounts in the Philippines where they subsequently disappeared. Safeguards needed
It’s a recipe that can easily be replicated, and is believed to have been copied in the recent cases involving Vietnam and Ecuador. The biggest lesson here is the need for banks and financial institutions to have proper safeguards to prevent similar attacks from happening.
This would include continuous and diligent assessment of the banking system taking into consideration any opportunities for human error and network vulnerabilities. Of course, this goes without saying that compliance with regulations set by the country’s banking regulator have to be strictly followed.
The lessons learned from the Bangladesh heist have been the subject of many discussions, and the global banking industry has recognized the need for increased vigilance and more secure identification passwords that trigger approvals in the banking system.
With billions of dollars at stake, we should expect attacks against banks and financial institutions to become more aggressive while cyber attackers refine their strategies and tactics with the ultimate aim of going for bigger sums. Erosion of trust and confidence
As BSP Governor Amando Tetangco had pointed out, the stakes are not just limited to the banks. “If left unmanaged, these (cyberattacks) can cause financial instability and the erosion of trust and confidence in the financial system,” he said.
It’s difficult to imagine going back to those days when one had to go to the bank and present a withdrawal note (and bank book) to be able to get some money. Facebook and Twitter
We are actively using two social networking websites to reach out more often and even interact with and engage our readers, friends and colleagues in the various areas of interest that I tackle in my column. Please like us at www.facebook.com and follow us at www.twitter.com/ReyGamboa.