Category: Financial

“You’re always going to see the government be more cautious and incremental in response to most incidents than the private sector probably would like,” Michael Daniel, the White House cybersecurity coordinator, said in a recent interview, speaking generally.

This much is clear: The last eight months of disruptions to bank Web sites, caused by efforts to crash servers with torrents of computer traffic, have not been severe enough to trigger a military response, cyber or otherwise.

Daniel, the White House cyber official, said he thinks companies need to do more to defend their own networks as part of a “spectrum of responsibility” that includes the public and private sectors.

At a March meeting of banking executives hosted by the Treasury Department, U.S. officials made clear to the chief executive officers that they could not simply rely on the government for cybersecurity. Some banking officials say they would like the providers — including Verizon, AT&T and Century Link — to do more to block malicious traffic headed toward their networks.

Alexander, the director of the National Security Agency, suggested that the Internet companies would be best positioned to block an Aramco-type attack with help from the NSA. If a company is asked by the government to screen the traffic to stop an attack, it could be seen as acting as a government agent, exposing the firm to legal action.

Alexander, industry officials say, would like the Internet providers to be able to screen traffic entering U.S. networks, but privacy laws prevent them from doing so unless, for instance, they have customer consent or a court order.

Link: http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html

Making reference to a series of cyber attacks that targeted several of the biggest US banks toward the end of 2012, the FSOC noted “the knowledge and skill of the attackers appeared to increase over time.”

In an attempt to protect the financial system against these attacks, the FSOC proposed “enhancing cross-sector cooperation, particularly with industries upon which the financial sector is dependent, such as energy, power, and telecommunications.” “Public-private partnership improvements in the analysis and dissemination of robust information to improve real-time responses to cyberattacks will enhance incident management, mitigation, and recovery efforts,” the report added.

Link: http://www.adelaidenow.com.au/news/breaking-news/us-banking-sector-vulnerable-to-hackers/story-e6frea7u-1226630247494

A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters took responsibility for the American Express attack, as it has for other attacks on banks and financial services organizations. Third party analysis of the attacks on American Express and other banks suggest that those behind the operation are well-funded and sophisticated: leveraging networks of compromised web servers to host attacks and using sophisticated tools to target weak points in public facing banking and business applications.

In February, the website Krebsonsecurity reported that Bank of the West was the victim of a large denial of service attack that acted as cover for unauthorized transfers from one of the bank’s commercial customers that totaled $900,000.

However, Citi has been hampered in its investigation by a lack of reliable data, constrained funding and a dearth of forensic and case management tools to analyze it, she said.

The bank has plenty of security software and hardware, and relies heavily on its security information management (SIM) systems, but the focus is still on protecting Citi’s network from external threats or removing threats, not analyzing activity within the network to spot malicious or suspicious goings on. Activity due to malware or phishing attacks and lateral movement on the network characteristic of so-called “advanced persistent threats” can be difficult to spot with current tools, she said.

Out of 100 countries, Older estimated that only 50 have laws that allow Citi to look at the kinds of specific data on IP addresses, logins and other data that’s necessary to conduct a proper investigation. “We have cases where we know there’s malware there, and we know an investigation happened, but we can’t get the data back,” Older said. “I think it would benefit us greatly if we could get past that and find a way to be sensitive to privacy regulations in a way that also lets us get meaningful data.”

Link: http://securityledger.com/the-new-normal-wednesday-is-ddos-day-at-citigroup/

“The biggest change is the maintenance and the growth in the botnet,” Dan Holden, director of Arbor Networks’ Security Engineering and Response Team explained for Ars Technica.

And they’ve added some twists and techniques to their tools as time goes on, focusing their attacks more on the particular applications of the banks they’re targeting.

And while the attacks bring huge losses to the targeted institutions – whether it’s because the customers can’t access their accounts for days at the time, because the hackers or other cyber crooks might have used the DDoS attacks as a cover for fraudulent transaction, or because of the preventative measures they had to undertake to protect their websites – the cost for the attackers is thought to be also considerable.

Considering the effort and hours it takes to maintain the attack botnets, and the continuing refinement of the attacks, Holden believes that it couldn’t be done without financial backing.

Link; http://www.net-security.org/secworld.php?id=14691