A fresh approach to security in online trading

Jouda Seghair

While it is ransomware that has held the spotlight of public attention recently, it is actually financial malware that is the greatest threat to our industry today. Research has revealed that with annual attacks numbering 1.2 million, financial malware is 2.5 times as prevalent as ransomware, says Jouda Seghair.


Jouda Seghair is Director of International Marketing, Business Development UK & Ireland at Infocyte Inc. Infocyte’s post breach detection platform Infocyte Hunt is a military-grade malware hunt technology developed by former US Air Force cyber-security experts.

In the financial industry, security related products – those that purportedly protect enterprise assets – have been historically viewed as simple software investments. This has led to a general interpretation of these products as necessary operational costs that serve to allow the business to function unimpeded.

This general approach may have been appropriate in times past; however, the security field is now an ever-changing threat landscape. Rates of custom-created malware, and of financial malware in general, are shockingly high and growing rapidly.

Financial Malware 2.5 times more common than Ransomware

While it is ransomware that has held the spotlight of public attention recently, it is actually financial malware that is the greatest threat to our industry today. Research has revealed that with annual attacks numbering 1.2 million, financial malware is 2.5 times as prevalent as ransomware.

The Symantec Internet Security Threat Report (ISTR) Financial Threats Review 2017 stated that 38% of all financial threat detections were against corporations, rather than customers. While these attacks are more difficult to execute, they yield a higher profit, which is why there were 1.2 million such attacks in 2016.


In some cases, malicious actors are launching malware attacks with the express purpose of gaining access to the inner workings of an enterprise so that behaviour can be observed and learned from, enabling the creation of custom malware designed to specifically exploit weaknesses within a given entity.

Given how the times have changed, and to what degree, what is now required is a shift in mindset, if the industry is to keep up with the threats posed and maintain the trust of the public. The old way of doing things – framing security, specifically defensive products, as costs to be borne in order to support core businesses, does not deliver the necessary engagement and vigilance required to effectively secure financial enterprises.

The malware targeting the industry today is so virulent and dangerous that it poses the risk of destroying fundamental infrastructures, whether virtual or physical, that organizations depend on.

A New Approach

Not all software investments in the industry are viewed as operational costs. Platforms such as core banking, treasury, and trades management are all understood to be integral and essential to the fundamental business goal, which is to generate profit.

As such, these banking platforms are not viewed as short-term, commoditized purchases. Rather, they are viewed as long-term, mission-critical investments that will yield returns.

It is time that security related purchases are viewed through the same lens – as critical investments that yield returns. A failure to adopt this view effectively equates to an institution willingly accepting unnecessary risk.

Adopting this new approach to security can, and should, be done in several ways. One element is defensive, and one focuses on post breach detection. It is virtually impossible to accomplish full security without engaging in both defensive and proactive measures.

Defence or Offence

Modern defensive measures include the adoption of endpoint detection and response (EDR), security intelligence (SI), and network and endpoint behavioural analytics. These solutions are effective in preventing threats from breaching enterprise assets and securing a foothold in the estate. However, none of these defensive solutions, even when layered, delivers complete and total security and safety from threats.

The second element that is required is post breach detection. There is no question that some malware succeeds in breaching defences and it is this that poses the greatest danger to assets. It poses the greatest danger precisely because so many enterprises purchase defensive solutions and proceed to function believing themselves protected and secure. Post breach detection is essentially hunting for malware and APTs that have breached defences and are residing undiscovered.

Post Breach Detection is Mission Critical

Solutions that offer post breach detection should be viewed in the same way as other mission critical investments like trading platforms. These are tools that allow enterprises to manage their dwell time and maintain consistent control over the threat that malware poses.

Recent research produced for Dell Secureworks has indicated that organizations that limit their dwell time to 7 days realize a reduction in business impact of 77%. Further reducing dwell time to 1 day delivers a reduction in business impact of 96%. These are significant impacts when read through the lens of asset values under management in the financial industry at large.

Post Breach Detection can be achieved today using one of four methods.

Script based hunting

There are several open-source platforms on the market that have well-developed hunt methodologies, and two are of particular note: PSHUNT and AssemblyLine. Both provide a collection of tools that administrators and IT security professionals can use to quickly survey endpoints and enrich the collected data using a mix of third-party commercial and open-source tools. They are a good starting point for technical teams.

Indicator of Compromise (IOC) Hunting

There is one viable solution currently available that detects threats using a methodology focused on IOCs – it is BSK Consulting’s ATP Thor. Hunting based on IOCs involves searching through log files, looking for typical attacker tools and anomalies in user accounts and sessions, examining error reports, dump files, network connections and more. This approach can be effective and is suitable for adoption in organisations with highly skilled technical resources that can manage and maintain the solution and the feeds required to operate it.
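The IOC hunt described above, reduced to its core loop: match log events against a small indicator feed (tool names, an address, a file hash) and flag account and session anomalies. This is an added illustration, not code from the article or from any of the products it names; the log format, the indicator values and the baseline account list are all constructed placeholders.

```python
from datetime import datetime

# Constructed IOC feed and baseline (placeholders, not real indicators).
IOC_TOOLS = {"mimikatz.exe", "psexec.exe", "procdump.exe"}
IOC_IPS = {"203.0.113.45"}                 # TEST-NET-3 documentation address
IOC_HASHES = {"ab" * 32}                   # placeholder SHA-256
BASELINE_ACCOUNTS = {"alice", "bob", "svc_backup"}
BUSINESS_HOURS = range(7, 20)              # 07:00-19:59 counts as normal

# Constructed sample log lines: "timestamp|host|event|key=value ...".
SAMPLE_LOGS = """\
2017-03-01T09:12:03|trade-ws-01|process_start|user=alice image=excel.exe sha256={ok}
2017-03-01T02:41:17|trade-ws-01|logon|user=alice type=interactive
2017-03-01T02:42:05|trade-ws-01|process_start|user=alice image=mimikatz.exe sha256={bad}
2017-03-01T02:43:30|trade-ws-01|net_connect|user=alice dst=203.0.113.45:443
2017-03-01T02:44:00|dc-01|account_created|user=backup_svc by=alice
2017-03-01T10:05:00|trade-ws-02|logon|user=bob type=interactive
""".format(ok="cd" * 32, bad="ab" * 32)


def parse_line(line):
    """Split one log line into (timestamp, host, event, fields dict)."""
    ts, host, event, rest = line.split("|", 3)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), host, event, fields


def hunt(log_text):
    """Return a list of (finding, host, line) for every IOC or anomaly hit."""
    findings = []
    for line in log_text.splitlines():
        ts, host, event, f = parse_line(line)
        hits = []
        if event == "logon" and ts.hour not in BUSINESS_HOURS:
            hits.append("off_hours_logon")          # session anomaly
        if event in ("logon", "process_start") and f.get("user") not in BASELINE_ACCOUNTS:
            hits.append("unknown_account")          # account anomaly
        if event == "account_created" and f.get("user") not in BASELINE_ACCOUNTS:
            hits.append("new_account")              # persistence via new user
        if f.get("image", "").lower() in IOC_TOOLS:
            hits.append("attacker_tool")            # typical attacker tooling
        if f.get("sha256") in IOC_HASHES:
            hits.append("known_bad_hash")           # hash from the IOC feed
        if f.get("dst", "").rsplit(":", 1)[0] in IOC_IPS:
            hits.append("ioc_ip")                   # network connection to IOC
        findings.extend((h, host, line) for h in hits)
    return findings


if __name__ == "__main__":
    for finding, host, line in hunt(SAMPLE_LOGS):
        print(f"[{finding}] {host}: {line}")
```

Against the sample data the hunt returns five findings, four of them on the same workstation within a few minutes, which is the kind of clustering an analyst would triage first.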

Incident Response Solutions repurposed to hunt

There are a number of digital forensics and incident response solutions available in the market, from commercial solutions such as Mandiant MIR to open-source solutions like Google GRR. The challenge inherent in repurposing these tools to hunt malware is that they do not scale and also require highly skilled examiners to operate. This approach may be effective for small enterprises that decide to employ key expert personnel or that outsource the work of hunting.

Forensic State Analysis Hunting

There is a single solution on the market today that delivers forensic state analysis – it is Infocyte HUNT. FSA is an automated approach to post-breach detection that assumes devices are already compromised and seeks to validate every endpoint as thoroughly as possible.

The automation inherent in FSA enables users to effectively deploy rapidly, dynamically, and at scale.

FSA operates independently from the host OS and uses dissolvable endpoint surveys to quickly collect live forensic data from both volatile and non-volatile memory. Non-memory based information is also collected to identify persistence mechanisms.

This data is then analyzed using a variety of post-breach analytics techniques, reputational, and multiple threat intelligence sources. Combining this live host forensic data and these analytic techniques, FSA determines the compromise state of endpoints.

Change the Culture for Results

Regardless of the method chosen, hunt programs need to become part of the fabric and culture of the modern financial enterprise. These are iterative processes that should be conducted with regular frequency. How frequently these can be employed will depend upon the speed and scalability of the post breach detection platform chosen.

Platforms that offer users the ability to hunt for malware should be viewed as investments similar to those made in fundamental baseline platforms that generate revenue, rather than as defensive software tools.

A failure to adopt malware hunting capabilities puts at risk the institution's ability to conduct business – attackers only have to succeed once in order to do damage, and they are getting better all the time.
