Preventing & Preparing for Cyberattacks: Cyber Attacks, Infection Vectors, & Layers of Defense

Common Types of Attacks on Credit Unions

  1. Malware

  2. Phishing Attacks

  3. DDoS

  4. Ransomware

Malware and phishing are on the rise and have been for several years. Almost every week, there seems to be a new high-profile ransomware attack in the news. In addition, the attacks are becoming more prevalent in industries like financial services, including credit unions.

Attackers have doubled down on ransomware because it is so effective. In 2020, there was a ransomware victim every 10 seconds, and this is intensifying in 2021. Ransomware is a valid and robust business of its own, offering a big dollar value with minimal risk. Unfortunately, there is no way to pursue many of these criminals, as they work or live in non-extradition countries. Cybercriminals use multi-level marketing or pyramid schemes to resell code and ransomware kits in app stores on the black market. The developers take a cut of any ransom that is paid using their code. Thus, they can monetize their ransomware code repeatedly, yielding quite the profit. Many cybercriminal organizations also post jobs on the dark web to grow their organization and legitimize themselves as more of a “business.” As these “organizations” grow and become more profitable, the average cost of a ransomware attack increases. According to a 2020 IBM Security report, the average cost of a cyberattack is $3.86M, but the average breach for a company in the financial services industry is $4-$6 million.

Most Common Attack Vectors

  1. Social Engineering: Phishing Emails

  2. Clicking on Bad Links

  3. Exploiting Vulnerabilities

The number one way that most companies and organizations are infiltrated and attacked is through phishing emails. This is due to a couple of factors, such as the prevalence of email and the technology and psychology behind emails. Cybercriminals continue to send phishing and malware emails because the cost of sending an email is minimal, if anything. They can send out 1 million emails and get about 10,000 people to click on a bad link, which is still worthwhile and very profitable. Once they have been able to phish account information and credentials, they can find vulnerabilities. For example, the recent Kaseya security incident resulted from exploiting a zero-day vulnerability, as did the Colonial Pipeline attack.

Layers of Defense against Cyberattacks

  1. Patching Vulnerabilities

  2. Advanced Endpoint Protection

  3. Endpoint Isolation

  4. Automated Backups

  5. SOC/Monitoring: Early and Rapid Identification

  6. Security Awareness Training

It is impossible to stop all cyberattacks, but the above defense systems will help reduce the number of successful attacks on your credit union. One of the most effective ways to protect your data is through patching vulnerabilities. Many companies complete a monthly, quarterly, or even annual patching cycle. However, the best method is a continuous patching approach, where you use new technology and new tools to keep a continuous eye on the vulnerabilities that exist in your environment. It is not enough to be aware of the vulnerabilities in your environment; you need to patch them before an attacker can exploit them.

Advanced endpoint protection works wonders in slowing down and even thwarting the most common forms of malware by monitoring the behaviors in your environment and not just looking for a known set of signatures and definitions. For example, in some cases, the Kaseya ransomware variant was stopped by advanced endpoint protection before it was executed.

Endpoint isolation is often a feature of your endpoint protection. This is the ability to isolate a potentially infected or known infected endpoint from the rest of your network. Isolating an infected endpoint allows you to stop or slow the spread while still preserving the forensic evidence for an investigation after an attack.

Backing up your data is crucial to recovery. The best way to ensure regular backups is to automate them, which eliminates human error and helps you avoid paying a ransom in the future. Ideally, you want to have a backup both on the premises and off the premises, at a separate location. Keeping your backups at the same location as all of your hardware is a recipe for disaster. In addition, ransomware can, and is designed to, jump to and target your backups.
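The backup guidance above can be checked automatically. The following is an added example, not part of the original post: it audits a backup catalog for datasets that lack an on-premises or off-premises copy, have a stale copy, or were last backed up by hand. The catalog format, the site labels `onprem` and `offsite`, and the 24-hour freshness limit are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

REQUIRED_SITES = ("onprem", "offsite")  # assumed labels for the two locations

# Constructed sample catalog of completed backup jobs (not real data).
CATALOG = [
    {"dataset": "core-db", "site": "onprem", "finished": "2021-07-20T02:00:00+00:00", "automated": True},
    {"dataset": "core-db", "site": "offsite", "finished": "2021-07-20T03:00:00+00:00", "automated": True},
    {"dataset": "file-share", "site": "onprem", "finished": "2021-07-20T01:30:00+00:00", "automated": True},
    {"dataset": "loan-docs", "site": "onprem", "finished": "2021-07-12T09:00:00+00:00", "automated": False},
    {"dataset": "loan-docs", "site": "offsite", "finished": "2021-07-19T23:00:00+00:00", "automated": True},
]


def audit_backups(catalog, now, max_age=timedelta(hours=24)):
    """Return (dataset, site, problem) findings for a backup catalog."""
    latest = {}  # (dataset, site) -> (finish time, automated?) of the newest job
    for rec in catalog:
        key = (rec["dataset"], rec["site"])
        finished = datetime.fromisoformat(rec["finished"])
        if key not in latest or finished > latest[key][0]:
            latest[key] = (finished, rec["automated"])

    findings = []
    for dataset in sorted({d for d, _ in latest}):
        for site in REQUIRED_SITES:
            if (dataset, site) not in latest:
                # Only one location holds this dataset: a single point of failure.
                findings.append((dataset, site, "missing copy"))
                continue
            finished, automated = latest[(dataset, site)]
            if now - finished > max_age:
                findings.append((dataset, site, "stale copy"))
            if not automated:
                # The newest copy depended on a person remembering to run it.
                findings.append((dataset, site, "last run was manual"))
    return findings


if __name__ == "__main__":
    now = datetime(2021, 7, 20, 12, 0, tzinfo=timezone.utc)
    for finding in audit_backups(CATALOG, now):
        print(*finding, sep=": ")
```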

SOC/Monitoring is great for the early identification of an attack. Early identification is crucial for financial institutions and credit unions. Having a SOC that monitors logins and activity and aggregates the data to let you know when there is a potential breach can help with incident response when there is an incident. Tools are not perfect, and they can have weaknesses and vulnerabilities, but they are great for providing visibility. You can have all the tools in the world, but if no one is monitoring them, then the tools will not do much good.

Many breaches occur from phishing attacks. Raising awareness and showing employees simulated phishing emails can decrease the chances of employees clicking on them and compromising the integrity of your credit union. The more employees are exposed to different kinds of attacks and threats, the more likely they are to be cautious of clicking unknown links or opening suspicious emails. In the past, companies would explain what phishing is, but cybercriminals are improving their emails, and employees may have a harder time finding something suspicious if they are unsure what to look for.

Additional Resources:

This blog is an excerpt from our recent webinar, Preventing and Preparing for Cyberattacks. Watch the full webinar here: https://attendee.gotowebinar.com/recording/5721370744244067330
