FireEye observes an increase in cyber attacks against Latin American banks


Cyber attacks against banks are nothing new; however, the recent surge of large-scale attacks on Latin American banks illustrates how major cybercriminals are increasingly targeting the region’s banks.

FireEye suspects that North Korean threat actors are behind multiple bank robberies in Latin America. Other groups are also attacking the region’s financial institutions. FireEye has discovered groups that carry out thefts through electronic transfers, abuse of messaging platforms and interbank transfers, as well as attacks on ATM systems.

In this context, and in light of recent attacks, Julián Dana, director of Mandiant for Latin America at FireEye, recommends what banks in the region should do to best protect themselves:

Assume that the attacker is already inside the network. Many Latin American organizations still have an outdated mindset of relying on firewalls and building a defense that depends more on preventive measures than on detection and correction. Threat actors may have compromised environments many months before attempting to move money. FireEye’s research has revealed that actors lurk in environments for more than two years before stealing money.

Improve security around all tiers of payment platforms. In recent breaches, attackers exploited weak security controls in areas such as segmentation, authentication, and software development. Addressing this requires comprehensive strategic improvements: banks must reinforce the segmentation of payment platforms, ensuring that only the required systems have access. They also need to understand which systems are internet-facing and what applications and software are installed on each system, and ensure that all applications are up to date.