Cybercrime has become a major threat for all companies, now far exceeding traditional crime. With the digital revolution, financial institutions are more exposed than ever to this kind of threat, which is mentioned twice (“data or money theft” and “blocking operations or infrastructure”) among the top 5 global risks, alongside geopolitical risks.
Intrusions into financial institutions’ IT systems tripled between 2012 and 2017, according to a study conducted by Accenture and the American research institute Ponemon (03/2018) among 254 companies in seven countries (France, Italy, Japan, United States, Germany, Italy, Australia).
Banking supervisors pay particular attention to this subject, which is considered a systemic risk. Financial institutions are invited to integrate this type of risk into the calculation of capital by quantifying cyber risk scenarios, to include it in their business continuity plans, and to strengthen controls on systems.
Above and beyond these necessary measures, it is essential to provide a level of system protection adapted to these new threats.
Over the last few years, two well-known cases have been in the news. The first concerned the theft of more than €1 billion from about 100 financial institutions in around 40 countries (the Carbanak attack, whose mastermind was arrested in 2018). The second was the attack on the Bangladesh central bank via SWIFT.
Most of these attacks are based on the takeover of employees’ workstations, which are then used to pivot to vulnerable systems or to place payment orders using the financial institution’s usual tools, after a silent observation period of several weeks (Carbanak).
The most notorious illustration of this case is NotPetya, which led to the complete shutdown of several companies in several countries by rendering all computer systems (workstations and servers) inoperative. The strike was devastating, and Saint-Gobain lost around 10,000 systems in less than 2 hours.
This type of attack is based on the same principle as ransomware (ransom request after encryption of files) except that it does not offer a decryption key. NotPetya exploited so-called “lateral” infections (which spread directly from an infected system to a healthy adjacent system), which increased the rate of infection.
In response to sophisticated new attack techniques, which are continuously being improved, traditional defences such as firewalls, anti-intrusion systems and anti-virus systems have shown their limits, especially when they are bypassed by an attack that stays undetectable within authorized flows. There is therefore a need for a defence system adapted to new forms of attacks, known or unknown.
That’s what TEHTRIS offers through its eGambit cyber defense arsenal, which is designed to be the ultimate weapon against cyber attacks by combining Endpoint Detection and Response (EDR) functions with subsequent intrusion detection features: workstation audit, event correlation (SIEM) both on the network and on systems, and deployment of honeypots (fake servers that can detect an intrusion on the network). Furthermore, eGambit can detect, upstream, vulnerabilities that could be exploited on systems.