Financial industry in US maintains symptoms of persistent cyber-attacks among surprising cyber incidents and large-scale data breaches that compromised confidentiality, integrity and availability of user’s information. Several advanced hacking methods and the exploitation of zero-day flaws were used by criminals during the recent attack on the Get Transcript Application at the Internal Revenue Service (I.R.S).
At least, more than 100,000 people in the US financial industry were victims of data thefts. Cybercrime practices were spread rapidly in 1Q and the beginning of 2Q of 2015. During a process of investigation that I.R.S has opened in the country, it counts more than 200,000 attempts of fraudulent returns, and about half processes completed successfully. Perhaps, criminal operations were developed simultaneously inside or outside of the United States.
The Zero-Day threats are useful for cyber-criminals to penetrate critical systems of the financial industry and exfiltrate sensitive data, these malicious agents are able to scan personal information of people, such as social security numbers, birth dates, street addresses, others. In addition, cybercrime organizations collect information from criminal websites where they usually buy user’s information.
Following the 2015 Security Threat Report (ISTR), and data from the Symantec Global Intelligence Network, confirm that “more than 317 million new pieces of malware created in 2014, meaning nearly one million new threats were released into the wild each day.” The Financial industry has never been an exception for cybercrime, criminals are developing more sophisticated solutions to attack banking & payment services.
The 2015 report by the Financial Stability Oversight Council expressed that new threats on banking and financial business services are defined as a potential “systemic danger”. It means that vulnerabilities are oriented through “interconnected systems” which are supporting function of “crucial infrastructure for the wider industry.”
The most recent examples of cyber-attacks in banking industry have affected around 100 banks worldwide. At least, $ 1 billion cost in total the effects of cybercrime for the financial industry. The production of malicious software is getting an exponential growth in cyberspace. Contributions from Heads of Federal Reserve –Chair Janet Yellen and Secretary of the Treasury –Jacob Lew were convinced to impel through Congress the best conditions of capital standards, in order to guarantee “financial stability”
Therefore, the political decision from the Obama administration is vital to provide to the I.R.S the adequate resources, especially raising budget to guarantee protection of taxpayer information. At present, new strategies from I.R.S are oriented to deploy new technologies to detect potential suspicious activities. The idea from I.R.S is to prevent cyberattacks through “adding more features to authentication questions from the Get Transcript Application, by using a “so-called multifactor system that sends users a second password via their mobile phone.”
About the Author Francisco Javier Delgado Villarreal
Francisco Javier Delgado Villarreal is a Junior Business Continuity, Cybersecurity and Internet Governance Consultant. His professional experience in Information and Communication Technologies has been developed since 2009 in different arenas, such as International Organizations, Governments and private sector in Ecuador and abroad.
(Security Affairs – banking, security, financial industry)