The target is the bank: From cybercrime to cyberespionage

Overview

Cyber attacks on banks have grown steadily during the last few years. Attackers are increasingly building capabilities to target not only the core banking system, but also executives, managers, employees, contractors and service providers. Humans are almost always the weakest link in the information security chain.

The financial services sector is a primary target for state-sponsored agents and the organized crime, largely because of the value of the information available and the benefits of using the banking system for espionage and the financing of intelligence operations, money laundering and terrorist financing.

It is important to ensure that banks maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality and privacy.

Target audience

The program is beneficial to:

- Managers and employees working at the strategic, tactical, and operational levels of risk, compliance, IT, and information security of a bank.

- Risk, compliance, IT, and information security managers, employees, auditors, and consultants.

- Network, systems, and security administrators.

- Vendors, suppliers, and service providers.

- Incident handlers and incident response professionals.

- Threat analysts.

- Vulnerability assessment personnel.

Duration

One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client.

Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis can also lead the class. His background and some testimonials can be found at: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf

Course Synopsis:

Step 1 – Collecting information about persons and systems

- Reconnaissance: The research phase used to identify and select targets.

- Looking for information about the systems of a bank.

- Looking for information about the persons working in a bank or for a bank.

- Outsourcing and budget cuts can have hidden costs.

- Gathering information through recruitment of former employees, suppliers, consultants, or service providers.

- Who has signed a confidentiality agreement? A good list of prime targets for all adversaries.

- Contract information (bid, proposal, award). - Looking at our daily activities from the adversaries' point of view.

- More prime targets: Disgruntled employees, ideologists, employees having a lavish lifestyle, employees having “weaknesses”, lawyers having access to trade secrets and sensitive information.

- Countermeasures: What banks must do.

Step 2 – Identifying possible targets and victims

- Hardware attacks, software attacks.

- We always purchase branded and genuine hardware components (to the best of our knowledge), but our adversaries can exploit this pattern.

- Malicious hardware modifications: Acquiring hardware components with a backdoor, and how it affects all other information security policies.

- Phishing, social phishing, spear phishing, watering hole attacks.

- Which systems and which persons? The hit list.

Step 3 – Evaluation, recruitment, and testing

- Exploiting vulnerabilities in systems.

- Collecting more information about persons.

- The problem with the sleeping agents.

- Blackmailing employees: The art and the science.

- Testing the asset.

- Case studies and lessons learned.

- Countermeasures: What banks must do.

Step 4 - Privilege escalation

1. Systems:

- A. Vertical privilege escalation, where adversaries grant themselves higher privileges.

- B. Horizontal privilege escalation, where adversaries use the identity of other users with similar privileges.

- Obtaining customer account details.

- Internal information, social engineering.

- Creating backdoors.

- Covering their tracks.

2. Persons:

- Exploiting the human networks.

Step 5 – Identifying important clients of the bank

- Important clients working in the public and the private sector.

- Repeating the process - Steps 1 to 4.

Step 6 – Critical infrastructure

- Creating backdoors.

- Covering their tracks.

- Ticking time bombs and backdoor triggers based on specific input data.

Overview of the art and the science to prevent and detect hacking, cybercrime, and cyberespionage

- Foreign collection efforts and espionage that targets technology, intellectual property, trade secrets and proprietary information. What can we do?

- When the most dangerous adversary becomes the primary hardware manufacturer.

- Criminal organizations and secondary markets for sensitive information.

- Cyber terrorism: A computer-based attack or threat of attack, intended to intimidate, or coerce governments or organizations in pursuit of goals that are political, religious, or ideological.

Defending the bank and the critical infrastructure

- The Federal Council's national strategy for the protection of Switzerland against cyber risks (NCS).

- Understanding the government's expectations.

- Protecting clients’ sensitive data, infrastructure and competitive advantage.

- Exchanging information and cooperating with the public sector.

- Critical infrastructure protection principles.

- International standards and best practices.

- Closing remarks.

For more information, you may contact us.

Terms and conditions

You may visit: https://www.cyber-risk-gmbh.com/Terms.html