2 April 2018

Cyber-Attack Now Largest Threat For Swiss Banks

Tom Jowitt 
Source Link

Swiss watchdog FINMA warn that cyber-attacks now pose the biggest risk facing banks in Switzerland Cyber threats are now the biggest threat to the Swiss financial system, that country’s watchdog has warned. Swiss Financial Market Supervisory Authority (FINMA) issued the warning on Tuesday and urged the Swiss government to step up its national defences against the menace. Earlier this week, Europol arrested the leader of the crime gang behind the Carbanak and Cobalt malware attacks that had targetted over a 100 financial institutions worldwide. This gang is thought to be responsible for the loss of over 1 billion euros (£870m) for the financial industry


Swiss risk

“The risks connected with these attacks are growing in sync with the pace of global digitalisation. Cyber-attacks are now the most serious operational hazard facing the financial system, and both the private sector and public authorities should take them extremely seriously,” chief executive Mark Branson was quoted by Reuters as telling the Financial Market Supervisory Authority’s annual news conference.

He revealed that Swiss banks are mostly aware of the risks and were well equipped to deal with them. And he pointed out to the banks’ ability to repel around 100 attacks a day from “Retefe” malware attacks on ebanking systems.

But he warned that Switzerland as a country was lagging behind others with major financial hubs that have set up their own cybersecurity competence centres, or imposed system-wide tests of hackers’ ability to penetrate banking systems, he was quoted as saying.

Branson is also apparently concerned over the concentration of outsourced business processes by banks.

“We expect to see here the same standards as the financial institutions themselves,” he reportedly said, adding FINMA had begun carrying out systematic checks of banks’ outsourcing partners.

Branson said FINMA had received generally positive feedback to guidelines it published last month on how to regulate digital currency issues, known as initial coin offerings (ICOs).
Attack vectors

One of the most popular forms of cyber attack against financial institutions of late involves banking staff receiving spear phishing emails with a malicious attachments impersonating legitimate companies.

When these attachments were downloaded, the attackers gain remote control of the victims’ infected machines, which in turn gives them access to the internal banking network and allows them to infect the servers controlling the ATMs.

In late 2016 for example, a cyber-crime gang tricked automatic teller machines in at least a dozen European countries, including the UK, into spewing out cash.

The same technique was also used to remove cash from ATMs in Taiwan and Thailand.

Despite these concerns, industry observers are worried that banks are dramatically under-reporting computer attacks due to their fear of bad publicity.

No comments: