ORLANDO—Monitoring what goes on inside the firewall is just as important as checking for what’s outside your data borders, one fraud expert is emphasizing.
Gene Fredriksen, VP, CIO at PSCU, told attendees at NACUSO’s 2017 Network Conference that crooks sneak unnoticed inside systems all too often, but they need time to build up to their attacks. In doing so, he said, they leave signs that they are at work, which someone carefully minding the store can pick up on and prevent a successful data breach.
Fredriksen explained that for fraudsters to pull off a meaningful data heist inside a network requires some significant coding. He said that instead of marching in all at once with the malicious payload, hackers send in a “scout.” The scout then opens the doors for more pieces of code to come in like “cockroaches.” Eventually the crooks, assemble all their code inside the firewall, spot the key server and data they are looking for, and take action.
Fredriksen explained that this fraud approach is termed the kill chain, and the key to stopping the threat is “breaking the kill chain”—stopping one of the events leading up to the final attack.
Look For Signs
That means the credit unions need to watch for signs of suspicious activity inside their systems.
“For example, Bob Smith who never logs in at night, logs in at 2 a.m. Or, if you see any connections being made to servers that are outside the norm,” said Fredriksen.
Once the credit union identifies there is an issue and knows where it is coming from it can generally stop the attack, or “interrupt the kill chain,” Fredriksen said.
“But to do this we have to change the way we think, and stop concentrating outside our firewalls,” he said.
While attacks are going on inside the credit union’s systems, he said the bad guys patiently wait for data that identifies a user with elevated administration rights. Fredriksen said that helps fraudsters find their way to the “crown jewel,” the primary server with all the sensitive account data on it.
He also warned credit unions to not make it easy for crooks to spot the main server with names that give it away, such as “Database 1.”
“Would you build a wall safe in your home, hide it behind a painting, but then draw arrows pointing to it? You would not,” said Fredriksen.
Other common mistakes:
- Keeping around old servers that support Windows 2008 or even Windows XP, easier avenues for crooks to hack.
- Misconfiguring servers after they are built. “You build them to a gold security standard, but then you give them to developers who turn off some of the security aspects. So, you think you have a the gold standard when you actually do not,” said Fredriksen.
- Don’t open new doors for fraudsters, such as adding a new data room chiller that has a diagnostic port that is unprotected.
Statistics reveal that that battle ahead for credit unions, especially the small ones, will be a difficult fight.
60% Fraud Growth
Fredriksen pointed out that fraud threats are growing at 60% annually, while credit union IT staffing is growing at 3%.
“This trend favors the bad guys,” said Fredriksen. “And about 60% of credit unions have one person on their staff to address data security, if that. Maybe a half a person at small credit unions.”
What credit unions have to do is share information and take advantage of new information resources that can help them identify emerging fraud trends and active threats in their area. As CUToday.info previously reported, the National Credit Union Information Sharing and Analysis Organization (NCU-ISAO) has been formed to focus on the specific cyber intelligence needs of credit unions.
ISAOs differ from Information Sharing and Analysis Centers (ISACs) in that they are focused on the needs of a specific business segment.
NCU-ISAO is the first operational and threat intelligence sharing organization dedicated wholly to credit unions,” explained Gene Fredriksen, also executive director of NCU-ISAO. “There are literally hundreds, sometimes thousands, of vulnerabilities that come out every day that can make it impossible to know what to look for.”
Fredriksen emphasized that the focus of NCU-ISAO is to pass onto credit unions actionable threats.