Cybersecurity in Financial Institutes: Methods and Prevention
VerifiedAdded on  2022/09/14
|10
|2508
|20
Report
AI Summary
This report examines the methods cyber-criminals use to attack financial institutions, including shifting tactics, SIM jacking, phishing, infrastructure attacks, and targeting third-party services. It highlights techniques like fraudulent transfers and watering hole attacks, emphasizing the importance of understanding the attacker's knowledge of banking platforms. The report also proposes courses of action to reduce cybercrime, such as analyzing fraud and cyber risks, responding effectively to network breaches through segmentation, implementing and enforcing robust security policies at the enterprise level, and continuously monitoring for changes in the network. It concludes that financial institutions must adopt the latest tools and tactics to combat evolving cyber threats and protect sensitive data.
Running head: CYBERSECURITY
CYBERSECURITY
Name of the Student
Name of the University
Author Note:
CYBERSECURITY
Name of the Student
Name of the University
Author Note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1CYBERSECURITY
Table of Contents
Introduction......................................................................................................................................2
Methods Used by Cyber-Criminals to attack Financial Institutes...................................................2
Course of Action to reduce Cyber-crime.........................................................................................5
Conclusion.......................................................................................................................................6
References........................................................................................................................................8
Table of Contents
Introduction......................................................................................................................................2
Methods Used by Cyber-Criminals to attack Financial Institutes...................................................2
Course of Action to reduce Cyber-crime.........................................................................................5
Conclusion.......................................................................................................................................6
References........................................................................................................................................8
2CYBERSECURITY
Introduction
Modern technology has completely enhanced the different business activities. Cyber technology
has completely taken the organization to the next level of profit. This has ultimately provided
great favor to the various financial institutions by giving the option of digital money, data
storage, and other kind of online activities(Bada, Sasse & Nurse, 2019). Cybercrimes can be
stated as technology diseases that are spreading at a rapid rate. At present, nothing is secured,
and all the financial institutions are entirely under threat. The study merely focuses on the
exploration of the impact of cyber-attacks on different financial institutes (Dua & Du, 2016).
Cyber-attack is one of the major challenges in the last few years as it does not only result in
financial loss but also leakage of other sensitive data.
In the coming pages of the report, an overview has been provided regarding the method used by
cyber-criminals for attacking different financial institutes. The next part deals with the course of
action to reduce cyber-crimes.
Methods Used by Cyber-Criminals to attack Financial Institutes
Cyber-attacks ultimately result in undermining the overall integrity of the different financial
organizations and underlying infrastructure and related systems, which drives the overall
operation (Gupta, Agrawal & Yamaguchi, 2016). Some of the methods used by cyber-criminals
to attack financial institutes are discussed below:
Shifting tactics and Techniques: Attackers merely target bank customers, but some of
them shift their attention to large business organization employees. Cyber-criminals can make
use of money not by compromising the bank account, but by targeting the infrastructure of the
bank (Mendel, 2017). Telecommunication networks and banking domains are considered as the
Introduction
Modern technology has completely enhanced the different business activities. Cyber technology
has completely taken the organization to the next level of profit. This has ultimately provided
great favor to the various financial institutions by giving the option of digital money, data
storage, and other kind of online activities(Bada, Sasse & Nurse, 2019). Cybercrimes can be
stated as technology diseases that are spreading at a rapid rate. At present, nothing is secured,
and all the financial institutions are entirely under threat. The study merely focuses on the
exploration of the impact of cyber-attacks on different financial institutes (Dua & Du, 2016).
Cyber-attack is one of the major challenges in the last few years as it does not only result in
financial loss but also leakage of other sensitive data.
In the coming pages of the report, an overview has been provided regarding the method used by
cyber-criminals for attacking different financial institutes. The next part deals with the course of
action to reduce cyber-crimes.
Methods Used by Cyber-Criminals to attack Financial Institutes
Cyber-attacks ultimately result in undermining the overall integrity of the different financial
organizations and underlying infrastructure and related systems, which drives the overall
operation (Gupta, Agrawal & Yamaguchi, 2016). Some of the methods used by cyber-criminals
to attack financial institutes are discussed below:
Shifting tactics and Techniques: Attackers merely target bank customers, but some of
them shift their attention to large business organization employees. Cyber-criminals can make
use of money not by compromising the bank account, but by targeting the infrastructure of the
bank (Mendel, 2017). Telecommunication networks and banking domains are considered as the
3CYBERSECURITY
primary targets. Attack on them ultimately results in targeting ATM, SWIFT networks, payment
gateway, and card processing system. The attacker comes up with the capability to manipulate
the bank customer information system.
SIM Jacking: Social engineering attack has also become very much widespread. In these
kinds of attack, the main focus is on identifying the phone number of customer who accounts
needs to be compromised (Kshetri, 2017). Attackers pretend to be a telecommunication
subscriber and report that they have lost their SIM card. They mainly trick the telecom provider
for the re-issue of a SIM card for the provided number (Hubbard & Seiersen, 2016). The attacker
makes use of re-issued SIM card for carrying out transactions and steal all the money from the
customer account.
Phishing technique: Targeting customers require the involvement of various kind of
methods. The attacker makes a combination and takes up a clue from the earlier phishing
techniques like fake spy android banking system (Newhouse et al., 2017). A bank malware can
do this by making use of an automatic transfer system that allows the use of a web injection
script known as an injection. This merely aims in automatic initiation of fund transfer along with
a bypass authentication mechanism (Carr, 2016). Attackers can make use of this to altogether
bypassing the security control of the bank. It also forces the user to install some malicious
components on different mobile devices. Code injection is also inserted into the banking website
or its related components.
Attacks on infrastructure: Cyber-criminals also target the network infrastructure.
Unfortunately, this merely focuses on different system components like the internal banking
system, which are left open on internet platforms (Anwar et al. 2017). Different hackers merely
target these. Multiple malware campaigns with the use of domain name system capabilities using
primary targets. Attack on them ultimately results in targeting ATM, SWIFT networks, payment
gateway, and card processing system. The attacker comes up with the capability to manipulate
the bank customer information system.
SIM Jacking: Social engineering attack has also become very much widespread. In these
kinds of attack, the main focus is on identifying the phone number of customer who accounts
needs to be compromised (Kshetri, 2017). Attackers pretend to be a telecommunication
subscriber and report that they have lost their SIM card. They mainly trick the telecom provider
for the re-issue of a SIM card for the provided number (Hubbard & Seiersen, 2016). The attacker
makes use of re-issued SIM card for carrying out transactions and steal all the money from the
customer account.
Phishing technique: Targeting customers require the involvement of various kind of
methods. The attacker makes a combination and takes up a clue from the earlier phishing
techniques like fake spy android banking system (Newhouse et al., 2017). A bank malware can
do this by making use of an automatic transfer system that allows the use of a web injection
script known as an injection. This merely aims in automatic initiation of fund transfer along with
a bypass authentication mechanism (Carr, 2016). Attackers can make use of this to altogether
bypassing the security control of the bank. It also forces the user to install some malicious
components on different mobile devices. Code injection is also inserted into the banking website
or its related components.
Attacks on infrastructure: Cyber-criminals also target the network infrastructure.
Unfortunately, this merely focuses on different system components like the internal banking
system, which are left open on internet platforms (Anwar et al. 2017). Different hackers merely
target these. Multiple malware campaigns with the use of domain name system capabilities using
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4CYBERSECURITY
springboard for getting the actual targets. User network equipment can easily tamper the scale,
which ultimately redirects the user to a hacked controlled DNS.
Attack on third party companies servicing bank: To access the target banking
organization, an attacker needs to get down for brass tacks. It is merely done by attacking the
target weaker lines (Joveda, Khan & Pathak, 2019). Social engineering attacks are considered as
the bread and butter of cyber-criminals. Hackers need to have an idea regarding the actual
employees of the organization. It merely includes their position and topic of interest. The
possible way to gather the information is all about compromising with service with the
organization (Ojeka, Ben-Caleb & Ekpe, 2017). An attacker can also obtain all the potential
targets by a thorough analysis of data on the collaborative system. Cobalt is known to
compromise the bank or financial institute supply chain, which has access to the target perimeter
ultimately. By making use of SPN, Cobalt attacking companies and other banks in order to get
rid of bank interest.
Attack on banking infrastructure: Direct attack on the IT perimeter stand out to be
uncommon for attackers who usually make of phishing for gaining a foothold of the target.
Attackers can go much great length at the time of preparing the phishing campaign (Camillo,
2017). They would merely register a domain name for assembling the company, which their
target organization in a relationship—the subject and content of phishing email which needs to
be related. One of the best techniques which help in proactively detecting the campaign is
analyzing newly registered domains for a keyword of interest (Ojeniyi & Abdulhamid, 2019).
After that, monitoring has been done regarding domain appearance in email traffic.
Watering Hole Techniques: It is used where exploit code is planted for compromising
with a website that targets employees of the organization. Timing dependencies are used in the
springboard for getting the actual targets. User network equipment can easily tamper the scale,
which ultimately redirects the user to a hacked controlled DNS.
Attack on third party companies servicing bank: To access the target banking
organization, an attacker needs to get down for brass tacks. It is merely done by attacking the
target weaker lines (Joveda, Khan & Pathak, 2019). Social engineering attacks are considered as
the bread and butter of cyber-criminals. Hackers need to have an idea regarding the actual
employees of the organization. It merely includes their position and topic of interest. The
possible way to gather the information is all about compromising with service with the
organization (Ojeka, Ben-Caleb & Ekpe, 2017). An attacker can also obtain all the potential
targets by a thorough analysis of data on the collaborative system. Cobalt is known to
compromise the bank or financial institute supply chain, which has access to the target perimeter
ultimately. By making use of SPN, Cobalt attacking companies and other banks in order to get
rid of bank interest.
Attack on banking infrastructure: Direct attack on the IT perimeter stand out to be
uncommon for attackers who usually make of phishing for gaining a foothold of the target.
Attackers can go much great length at the time of preparing the phishing campaign (Camillo,
2017). They would merely register a domain name for assembling the company, which their
target organization in a relationship—the subject and content of phishing email which needs to
be related. One of the best techniques which help in proactively detecting the campaign is
analyzing newly registered domains for a keyword of interest (Ojeniyi & Abdulhamid, 2019).
After that, monitoring has been done regarding domain appearance in email traffic.
Watering Hole Techniques: It is used where exploit code is planted for compromising
with a website that targets employees of the organization. Timing dependencies are used in the
5CYBERSECURITY
provided technique (Terlizzi et al., 2017). Activities at a particular time of the day like
lunchtime, where users much more time browsing the internet platform. The main is all about
stealing money that is either in electronic or paper form. Attacks are also exploited
vulnerabilities in the ATM and PoS infrastructure for money laundering. It merely includes some
of the illegal activities like collecting payments from the stolen debit card by running charges.
Fraudulent transfer: The attacker merely highlights a good understanding of the
platform by carrying out fraudulent transfer (Mendel, 2017). It only highlighted attacker
knowledge of the banking domain by complete tampering with ISO 8583 protocol
communication. An attacker merely hack into ATM front-end processor that ultimately handles
the processing and interaction in between input devices and host system (Kshetri, 2017)
. Tampering with ISO 8583 software is merely done by code injection, which ultimately results
in fraudulent response for requests from ATMs.
Course of Action to reduce Cyber-crime
IT departments at banks need to have increased protection of customer data so that they can
limit the credit card fraud. The internal system of most of the banks needs proper security in
order to tackle the cyber-attack (Hubbard & Seiersen, 2016). IT department bank need to follow
some steps in order to enhance overall network security like
Analyzing fraud and Cyber risk in aggregate: The whole domain of cyber and financial
criminals are increasingly overlapped. Fraudster borrows some tactics from a different hacker,
which help in gaining access to the account (Newhouse et al., 2017). It does not require any
concrete step into the bank branch. Networks of some bad actors from both the cyber world and
the financial fraud world emphasizing sharing both data and tools. Prevention of these crimes
provided technique (Terlizzi et al., 2017). Activities at a particular time of the day like
lunchtime, where users much more time browsing the internet platform. The main is all about
stealing money that is either in electronic or paper form. Attacks are also exploited
vulnerabilities in the ATM and PoS infrastructure for money laundering. It merely includes some
of the illegal activities like collecting payments from the stolen debit card by running charges.
Fraudulent transfer: The attacker merely highlights a good understanding of the
platform by carrying out fraudulent transfer (Mendel, 2017). It only highlighted attacker
knowledge of the banking domain by complete tampering with ISO 8583 protocol
communication. An attacker merely hack into ATM front-end processor that ultimately handles
the processing and interaction in between input devices and host system (Kshetri, 2017)
. Tampering with ISO 8583 software is merely done by code injection, which ultimately results
in fraudulent response for requests from ATMs.
Course of Action to reduce Cyber-crime
IT departments at banks need to have increased protection of customer data so that they can
limit the credit card fraud. The internal system of most of the banks needs proper security in
order to tackle the cyber-attack (Hubbard & Seiersen, 2016). IT department bank need to follow
some steps in order to enhance overall network security like
Analyzing fraud and Cyber risk in aggregate: The whole domain of cyber and financial
criminals are increasingly overlapped. Fraudster borrows some tactics from a different hacker,
which help in gaining access to the account (Newhouse et al., 2017). It does not require any
concrete step into the bank branch. Networks of some bad actors from both the cyber world and
the financial fraud world emphasizing sharing both data and tools. Prevention of these crimes
6CYBERSECURITY
needs collaboration on some defensive aspects. Both anti-fraud and cyber-security professionals
need to evaluate background and devices to investigate and make a response to threat (Carr,
2016). Institute policies and processes like cross-training and incident hacking ensure that there
are anti-fraud and cyber-security professionals sharing and insight and learning from one
another.
Making a response if the network has already been breached: Adaptation of this
particular mindset forces the IT team to prioritize vital parts of business parts in the network
completely. There is a need for the use of network segmentation as a strategy (Anwar et al.
2017). If it is done correctly, then the segmentation collected through of network limits the
overall capability of a hacker. It merely focuses on moving laterally across the web.
Segmentation of the system needs continuous updates and configuration. It can highlight the
difference between a hacker getting as far as an infected computer (Joveda, Khan & Pathak,
2019). This ultimately helps themselves to the ATM system of the bank.
Implementation of Security policy on enterprise-level: A properly defined security
policy works like a vital road map for the IT team of the bank. This merely aims to maintain an
adaptive security architecture (Ojeka, Ben-Caleb & Ekpe, 2017). This merely helps the people in
protecting the bank system and determining the most suitable way for the network to operate
using minimum risk. A security policy needs to be taken into account for different regulatory and
requirements of enterprise compliance (Camillo, 2017). It merely applied how it can be applied
as per the time patches in order to maintain compliance.
Enforcement of security Policy: It is one thing to include in the security policy, which
merely defines how the IT plan behaves. This merely validates, which is completely enforced
across the network (Ojeniyi & Abdulhamid, 2019). Doing the former but not the latter one might
needs collaboration on some defensive aspects. Both anti-fraud and cyber-security professionals
need to evaluate background and devices to investigate and make a response to threat (Carr,
2016). Institute policies and processes like cross-training and incident hacking ensure that there
are anti-fraud and cyber-security professionals sharing and insight and learning from one
another.
Making a response if the network has already been breached: Adaptation of this
particular mindset forces the IT team to prioritize vital parts of business parts in the network
completely. There is a need for the use of network segmentation as a strategy (Anwar et al.
2017). If it is done correctly, then the segmentation collected through of network limits the
overall capability of a hacker. It merely focuses on moving laterally across the web.
Segmentation of the system needs continuous updates and configuration. It can highlight the
difference between a hacker getting as far as an infected computer (Joveda, Khan & Pathak,
2019). This ultimately helps themselves to the ATM system of the bank.
Implementation of Security policy on enterprise-level: A properly defined security
policy works like a vital road map for the IT team of the bank. This merely aims to maintain an
adaptive security architecture (Ojeka, Ben-Caleb & Ekpe, 2017). This merely helps the people in
protecting the bank system and determining the most suitable way for the network to operate
using minimum risk. A security policy needs to be taken into account for different regulatory and
requirements of enterprise compliance (Camillo, 2017). It merely applied how it can be applied
as per the time patches in order to maintain compliance.
Enforcement of security Policy: It is one thing to include in the security policy, which
merely defines how the IT plan behaves. This merely validates, which is completely enforced
across the network (Ojeniyi & Abdulhamid, 2019). Doing the former but not the latter one might
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7CYBERSECURITY
comply with some of the regulations. This will not make the whole network much safe. The
organization needs to monitor for necessary changes in the network. It merely enforces
configuration and ensures that the changes are completely approved and compliant with the
policy (Terlizzi et al., 2017). This stands out to be a collaborative effort in the whole enterprise
network operation, CIO, and security operations.
Conclusion
From the above pages, the point can be concluded that this report is all about the evaluation of
the method used by cyber-criminals to attack financial institutes. Cyber-crime is a growing
global issue that needs to tackle. The point should be noted that there is no discrimination
between developed or developing countries, the same for all. The attacks do not have any
restrictions on boundaries. There is no possible way of escaping from the fact that most of the
financial institutions. A large number of things are included in this like money, public, and
information associated with it. The point should be concluded that the bank has much higher
chances of cyber-crimes in comparison to other institutes. The financial institution regular
updates by using the latest tools and tactics to deal with the hacker. Equifax stands out to be one
of the biggest victims who has already suffered from the worst kind of data breaches. Cyber-
attacks have completely affected most of the business, but it requires much more attention.
comply with some of the regulations. This will not make the whole network much safe. The
organization needs to monitor for necessary changes in the network. It merely enforces
configuration and ensures that the changes are completely approved and compliant with the
policy (Terlizzi et al., 2017). This stands out to be a collaborative effort in the whole enterprise
network operation, CIO, and security operations.
Conclusion
From the above pages, the point can be concluded that this report is all about the evaluation of
the method used by cyber-criminals to attack financial institutes. Cyber-crime is a growing
global issue that needs to tackle. The point should be noted that there is no discrimination
between developed or developing countries, the same for all. The attacks do not have any
restrictions on boundaries. There is no possible way of escaping from the fact that most of the
financial institutions. A large number of things are included in this like money, public, and
information associated with it. The point should be concluded that the bank has much higher
chances of cyber-crimes in comparison to other institutes. The financial institution regular
updates by using the latest tools and tactics to deal with the hacker. Equifax stands out to be one
of the biggest victims who has already suffered from the worst kind of data breaches. Cyber-
attacks have completely affected most of the business, but it requires much more attention.
8CYBERSECURITY
References
Anwar, M., He, W., Ash, I., Yuan, X., Li, L., & Xu, L. (2017). Gender difference and employees'
cybersecurity behaviors. Computers in Human Behavior, 69, 437-443.
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Camillo, M. (2017). Cybersecurity: Risks and management of risks for global banks and
financial institutions. Journal of Risk Management in Financial Institutions, 10(2), 196-
200.
Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International
Affairs, 92(1), 43-62.
Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. CRC press.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI global.
Hubbard, D. W., & Seiersen, R. (2016). How to measure anything in cybersecurity risk. John
Wiley & Sons.
Joveda, N., Khan, M. T., & Pathak, A. (2019). Cyber Laundering: A Threat to Banking
Industries in Bangladesh: In Quest of Effective Legal Framework and Cyber Security of
Financial Information. International Journal of Economics and Finance, 11(10), 54-65.
Kshetri, N. (2017). Blockchain's roles in strengthening cybersecurity and protecting
privacy. Telecommunications policy, 41(10), 1027-1038.
References
Anwar, M., He, W., Ash, I., Yuan, X., Li, L., & Xu, L. (2017). Gender difference and employees'
cybersecurity behaviors. Computers in Human Behavior, 69, 437-443.
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Camillo, M. (2017). Cybersecurity: Risks and management of risks for global banks and
financial institutions. Journal of Risk Management in Financial Institutions, 10(2), 196-
200.
Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International
Affairs, 92(1), 43-62.
Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. CRC press.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI global.
Hubbard, D. W., & Seiersen, R. (2016). How to measure anything in cybersecurity risk. John
Wiley & Sons.
Joveda, N., Khan, M. T., & Pathak, A. (2019). Cyber Laundering: A Threat to Banking
Industries in Bangladesh: In Quest of Effective Legal Framework and Cyber Security of
Financial Information. International Journal of Economics and Finance, 11(10), 54-65.
Kshetri, N. (2017). Blockchain's roles in strengthening cybersecurity and protecting
privacy. Telecommunications policy, 41(10), 1027-1038.
9CYBERSECURITY
Mendel, J. (2017). Smart grid cyber security challenges: Overview and classification. e-
mentor, 68(1), 55-66.
Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity
education (NICE) cybersecurity workforce framework. NIST Special Publication, 800,
181.
Ojeka, S. A., Ben-Caleb, E., & Ekpe, E. O. I. (2017). Cyber security in the nigerian banking
sector: an appraisal of audit committee effectiveness. International Review of
Management and Marketing, 7(2), 340-346.
Ojeniyi, J. A., & Abdulhamid, S. M. (2019). Security Risk Analysis in Online Banking
Transactions: Using Diamond Bank as a Case Study. International Journal of Education
and Management Engineering, 9(2), 1.
Terlizzi, M. A., Meirelles, F. D. S., & Viegas Cortez da Cunha, M. A. (2017). Behavior of
Brazilian banks employees on Facebook and the cybersecurity governance. Journal of
Applied Security Research, 12(2), 224-252.
Mendel, J. (2017). Smart grid cyber security challenges: Overview and classification. e-
mentor, 68(1), 55-66.
Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity
education (NICE) cybersecurity workforce framework. NIST Special Publication, 800,
181.
Ojeka, S. A., Ben-Caleb, E., & Ekpe, E. O. I. (2017). Cyber security in the nigerian banking
sector: an appraisal of audit committee effectiveness. International Review of
Management and Marketing, 7(2), 340-346.
Ojeniyi, J. A., & Abdulhamid, S. M. (2019). Security Risk Analysis in Online Banking
Transactions: Using Diamond Bank as a Case Study. International Journal of Education
and Management Engineering, 9(2), 1.
Terlizzi, M. A., Meirelles, F. D. S., & Viegas Cortez da Cunha, M. A. (2017). Behavior of
Brazilian banks employees on Facebook and the cybersecurity governance. Journal of
Applied Security Research, 12(2), 224-252.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.