Cyber-threats mean banks are no longer ‘too big to fail’

Justin Fier, Director of Cyber Intelligence | Monday January 30, 2017

Last year, hackers made off with $951 million from the Bank of Bangladesh. The record-breaking cyber-heist was no anomaly. It was just one in a series of sophisticated cyber-attacks targeting the financial sector. In 2014, criminals stole account information from 83 million JP Morgan customers. And again last year, a single Russian bank suffered 69 separate DDoS attacks. Cyber-attacks against the financial sector are relentless.

And finance isn’t just hit more often than other industries. It’s hit harder. For banks, the average cost per record stolen is $221, well over the average of $158. Driven by the prospect of a huge payday, hackers reserve some of their most sophisticated attacks for banks and other high-profile financial organizations.

To detect advanced attacks like these, we use unsupervised machine learning to identify deviations from normal network activity. Crucially, this approach lets companies detect threats from the inside. At Darktrace, some of the biggest vulnerabilities we’ve found started with a careless employee. Nowhere is this activity more troubling than in the financial services sector.

For example, at a top US investment firm, we detected strange communications between a company desktop and a Chinese cloud service. These communications were deemed highly anomalous and a major deviation from that user’s normal behavior. The employee in question was using the cloud service for legitimate work reasons, but this service came with a host of hidden risks — namely, it was secretly transmitting login details to an unknown third party. The leaked information could have led to a debilitating attack.

These attacks are alarming, but in the future, attackers won’t just try to steal data; they’ll try to change it. Since financial services rely on public confidence, they’ll be disproportionately affected by data manipulation. For instance, by subtly tweaking bank account information, an attacker could destroy the very integrity of the bank’s data. The bank would lose all credibility if the attack went public. Similarly, an attack could alter the mathematical models that inform boardroom decisions at a Wall Street company, thus forcing them to make bad investments.

Between insider threats and sophisticated data manipulation, banks and other financial organizations are feeling the brunt of the ongoing cyber-war. To fight back, they have to arm themselves with similarly advanced security tools. Because when it comes to cyber security, banks are no longer ‘too big to fail’.

To learn more about the challenges facing financial institutions, check out Darktrace’s Industry Data Sheet on Financial Services.

Justin Fier

Justin is one of the US’s leading cyber intelligence experts, and holds the position of Director for Cyber Intelligence & Analytics at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

AI will supercharge spear-phishing

Dave Palmer, Director of Technology | Monday January 9, 2017

Imagine a piece of malware hidden on your boss’ computer. It watches her every move, quietly listening; learning. It sifts through her emails, calendar, and messages. In the process, it doesn’t just learn her writing style. It learns the unique way she interacts with everyone in her life.

It picks up on the inside jokes she shares with her husband. It knows the formal tone she employs with the CEO. And it recognizes the familiar cadence she uses with her favorite employee: you.

Her emails to you are often casual, even jokey. She signs her emails with ‘Cheers’ and sends you corny jokes on occasion. And before important meetings, she writes you an encouraging email.

One day, on your way to a morning meeting, you get an email from her. It reads:

Hi there!

I’ll see you at 9 for our meeting. You’re gonna kill it today.

See attached for a map to their office.


PS why did the refrigerator need a bandaid?
……….. for the cold cuts!

You smile, but suddenly you remember that you don’t know where their office is. Would you open the map?

Most people wouldn’t give a second thought. But the attached ‘map’ is really a malicious payload that, if opened, would start rapidly encrypting data and hold your company’s files hostage for a $30,000 ransom.

Artificial intelligence won’t just be used for good — it will open the door for sophisticated cyber-attacks like this. AI will supercharge spear-phishing with automated, intelligent technology. Hyper-realistic, machine-written emails are not some distant fiction. Indeed, the technology already exists.

Between Google’s DeepMind and voice-recognition software like Amazon’s Alexa, machines can now recognize and copy subtle patterns in human behavior. Recently, an intelligent machine even learned how to write a dystopian sci-fi novel. An email from your boss would be child’s play for an even moderately advanced AI.

Artificial intelligence won’t just power phishing attacks either. It will augment every kind of cyber-attack — including those we don’t even know about ­— with advanced decision-making capabilities. To keep pace with intelligent, unpredictable threats, cyber security will have to adopt an intelligent security of its own.

Want to learn more about the future of AI? You can book a meeting with me and the rest of the Executive Team at the upcoming RSA conference in San Francisco.

Dave Palmer

Dave is the Director of Technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over 19 years of experience at the forefront of government intelligence operations, Dave has worked across UK intelligence agencies GCHQ and MI5, where he was responsible for delivering mission-critical infrastructure services, including replacing and securing entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He acts as an advisor to cyber security start-ups and growth-stage companies from the UK Government’s Cyber Security Accelerator and CyLon. His insights on AI and the future of cyber security are also regularly featured in the UK media. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.