Cybersecurity Insight

Warning to Banks: Lazarus Group Hackers Ready to Strike

14 Jun

The Federal Financial Institutions Examination Council, or FFIEC, is warning banks across the country and around the world about the threats posed by hackers to their networks. Specific to the Lazarus Group but also serving as an umbrella warning, the FFIEC is opening the lines of communication between banking institutions big and small in order to prepare them for the rocky cyber security road ahead. What changes will these institutions have to make, and how does it affect their client base?

If we look at the way history has unfolded, Lazarus Group definitely poses a significant threat to banks and other institutions around the world (they were linked to the Sony scandal in 2014). With four separate cyber attacks this year on banks in Ecuador, the Philippines, Vietnam and Bangladesh that resulted in more than $100 million stolen, the international banking system needs some serious upgrades and fast. Not even because of the amount of money stolen, but because of the way identity is verified when utilizing SWIFT. SWIFT is the worldwide network that facilitates communication between banks when they have to settle transactions in order to make transfers – there is a HUGE flaw in this system since it is one based on trust. Essentially, Bank A is trusting that Bank B is actually who they say they are when transferring money to them. And, when dealing with hundreds of millions of dollars in currency, that is not a secure system.

Obviously the trust system that SWIFT utilizes is unique to the worldwide banking industry; however, the lessons learned from these particular episodes can be transferred to any industry. One major point mentioned in the piece is that small banks are the most at-risk due to the lack of cyber security protection resources available; businesses of all sizes should, and need to, be able to protect their networks and data. Neovera’s cyber threat detection and threat prioritization (two of the many options in our Cyber Security Services offerings) lends itself perfectly to the protection all banks and credit unions need in IoT. Trust us with your most precious data, and know that you can focus on the business at hand without looking over your shoulder for surprise cyber attacks.