Sophisticated Nation-State Cyber Attacks Put Banks at Risk


Trevor Reschke Head of Threat Intelligence

Information security professionals expect to face more nation-state attacks (state-sponsored cyberattacks) in the coming year. And with cybercriminals increasingly expanding their targets to include businesses, that could be a concern for banks and other financial institutions. 


Information security professionals appear to be acutely aware of this development. At the Infosecurity Europe show late last month, almost all (93%) of more than 400 information security professionals surveyed said that they thought nation-state attacks would increase over the next year. 


For anyone paying attention, this ‘news’ should not be surprising, given the escalating political tensions and an increasing awareness that governments can readily outsource such expertise to skilled third-parties. It’s important to note that these governments are purposefully outsourcing the accountability as well. 


But the more concerning finding from the survey, which was carried out by Tripwire, was consensus view that nation-state actors are broadening their horizon of potential targets. In the study, 83% of respondents said that they believed nation states would expand their targets to target more non-government organizations over the next 12 months. 


This finding aligned with the view of Robert Hannigan, former director general of the UK’s General Communications Headquarters (GCHQ), who told delegates of the same conference that all organizations must now realize that they are potential targets of state-sponsored cyberattacks. 


Survey Comes in Wake of New Attacks 


The prediction of broadening nation-state attacks follows in the wake of official UK and US attribution of WannaCry to North Korea as well as accusations against Russia of targeting government and private digital systems. It also comes as accusations fly around Russia using Ukraine as some kind of cyber ‘test lab’, and is only weeks after a sophisticated attack against the Bangladesh Central Bank resulted in the theft of $80 million. 


These attacks can of course be carried out for reasons that aren’t immediate financial theft – there is almost universal agreement that Russia manipulated social media to sway the 2016 US election, presumably in a bid to have greater control and influence over the global polite climate. 


Why exactly are nation states broadening their horizons beyond traditional governmental targets? To steal money? It’s probably not that simple. It’s a plausible argument that ‘cyber’ is now the discrete, inexpensive and speedy way of attacking countries for myriad reasons such as influencing a stock crash in a bid to harm an economy, intellectual property theft, or simply inciting fear. 


The good news is that organizations are, by and large, aware of the threat and are taking precautions to prepare themselves for such intrusions.  


In the survey, over two-thirds (69%) said their organizations had increased efforts to defend against nation-state attacks in the last year, with 60% saying they now felt ‘fairly prepared’ if an attack was to take place. 22% felt “very prepared” and 18% said they did not feel prepared at all, a sign perhaps that security maturity can differ wildly among different companies. 


So Will We See More Attacks Against Financial Firms? 


Nation-state interest won’t exactly be news to financial services organizations who face thousands of attacks each day, ranging from basic phishing emails to ransomware and advanced persistent threats (APTs). Indeed, nation-state attacks aren’t out of the norm; two years ago reports surfaced that Chinese state attackers had allegedly launched attacks on worldwide banking networks as early as 2006 and had begun uploading malware to said bank networks in 2013.  


Banks interest nation states because a) they are part of their country’s critical infrastructure but also because b) a lot can be learned simply by understanding where money comes and goes. 


For example, in its annual predictions for 2018, Kaspersky warned of the infamous Lazarus Group, which is said to be a North Korean state-sponsored organization. The Lazarus Group is already believed to have attacked numerous banks across Latin America, Europe, Asia and Oceania, with the intention of withdrawing hundreds of millions of dollars. Notably, as analysts at Kaspersky pointed out, the data released on the attacks indicated that these state-sponsored groups were targeting firms ‘in order to learn more about cash flows’.  


“It is very likely that next year other APT groups from countries that have just joined the cyber-spy game will follow this approach – both to earn money and to obtain information about customers, the flow of funds and the internal procedures of financial organizations,” read the report. 


Trusted Knight’s patented Protector Air provides banks with full transaction stack protection. Full transaction stack protection focuses on individual transactions, irrespective of the integrity of either the endpoint device or the end user. Through its cloud-based solution it can protect against customer-side malware, prevent web application exploitation, block DDoS attacks, and stop transactional fraud. To request a demo or read the technical white paper, please click below. 


Request a Free Trial Download Whitepaper Now