Banks: Hackers Get More Aggressive in Attacking Customer Accounts
Annual FS-ISAC survey of banks shows average loss of $777,064
A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts last year than in the two previous years, and about a third of these attacks succeeded.
The total number of attacks to try and break in and transfer money out of hacked customer accounts was up to 314 over the course of 2011, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which released findings of its survey of 95 financial institutions and five service providers. That's an increase from 87 attacks against bank accounts in 2009 and 239 in 2010.
FS-ISAC is the group that coordinates on security issues with the Department of Homeland Security. The survey was conducted by the American Bankers Association.
The actual dollar losses taken by the financial institutions last year was $777,064, down from a high of $3.12 million in 2010. Dollar loss for customers was $489,672 in 2011, as compared with $1.16 million in 2010.
Banks responding to the survey said they were beefing up defenses against account takeovers through customer education, more use of multi-factor authentication, and shutting down customers' online access to a commercial system once anomalous behavior is detected
Banks responding to the survey said they were beefing up defenses against account takeovers through customer education, more use of multi-factor authentication, and shutting down customers' online access to a commercial system once anomalous behavior is detected.
Increasingly, banks are extending strong authentication to their customers to prevent successful takeovers of accounts by hackers, whose strategy is often to use malware to take control of the computer of someone authorized to make payments or other high-dollar transfers related to corporate accounts.
These authentication methods can take many forms. United Bank & Trust, located in Ann Arbor, Mich., for instance, increased security for customers through a method that automatically phones the customer making an online funds transfer to verify the details about the transaction before it's actually executed.
Called PhoneFactor, this authentication method is now used for what the bank regards as high-risk transactions, says Marsha Whitehouse, vice president of treasury management at United Bank & Trust. This would ordinarily be associated with an individual authorized to make ACH or fund transfers via a corporate account. Through an automated process, PhoneFactor immediately places a phone call to verify details about the transaction request. Whitehouse says, "It improves security."
While the buzz around big data analysis is at a peak, there is less discussion about how to get the necessary data into the systems in the first place, which can involve the cumbersome task of setting up and maintaining a number of data processing pipelines.
Next-generation endpoint protection vendor SentinelOne has received the same certification that many traditional antivirus platforms seek, meaning it can be considered suitable for meeting certain requirements of industry and governmental regulations.
Smartphone sales increased substantially in the second quarter of 2015, but the rate of growth continued to slow, fueling concerns that the market has started to become saturated, according to a study released today by Juniper Research.
Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users.