¶ … Cyber Attacks on Financial Institutions
The finance industry has continued to receive more targeted and sophisticated cyber attacks from criminals. These criminals often email phishing campaigns to customers which have remained the most successful methods of targeting financial institutions. New innovations in banking, like online and mobile banking, have continued to create new vulnerabilities for cyber thieves. To minimize the efficiency of these attacks, banks have devised improved communication and educational tools for customers, and procedures for quick interventions in the event of an actual attack. However, beyond simply creating harmful software intended to hack online bank details, criminals have found ways to subvert the software and servers owned by prestigious financial institutions to make their phishing campaigns more effective; this technique is known as infrastructure hijacking (Pettersson, 2012).
In 1998, one of the foremost examples of infrastructure hijacking ever discovered is known as The Morris worm. This worm spread to several computers that were mostly in the United States and it exploited the weaknesses found in the UNIX system which allowed it to quickly replicate itself. This worm slowed computers down to the point where they could no longer be effectively used. Robert Tapan Morris created the worm and he claimed he was only attempting to discover how vast the internet was. As a result, he was the first person in history to be convicted under the United States Computer Abuse and Fraud Act. Georgian computer networks were also hacked by unidentified foreign intruders during a period in which the country experienced hostilities with Russia. Graffiti was posted on the websites of the Georgian government. Little or no services were actually disrupted, however, the Georgian government believed these attacks were coordinated by the Russian military officials. Comment by dkamari: It Comment by dkamari: Not a place==that Comment by dkamari: Serious run-on
The FBI stated that these cybercriminals have devised new means of gaining access to the login details of banking employees by using phishing and spam emails, remote access Trojans and keystroke loggers. Attacks like these were witnessed in September 2012 when Wells Fargo and Bank of America were both compromised (Fraud Alert, 2012). According to the Financial Services Information Sharing and Analysis Centre, the threat level has currently been raised from elevated to high, with reference to current reliable intelligence about potential DDoS-distributed denial-of-service attacks (United States Financial Sector has increased its Cyber Threat Level from Elevated to High, 2012). This research adopts an expository approach to give a description of cyber-attacks and compromising of data experienced in financial institutions. Comment by dkamari: said Comment by dkamari: punctuation
Cybercriminals carried out advanced offensive cyber-attacks on banks in 2014. One of the most notable cyber-attacks occurred in July, 2014, and involved a massive regional banking network that was compromised by unidentified third party, which placed the accounts of over 72, 000 customers with the risk of exposure. Investigations carried out showed that the unidentified third party could have accessed customer information, such as names, account numbers, addresses, personal identification numbers and account balances (Cordle, 2014). In a related cyber-attack a couple of weeks later involving an American bank, the biggest cybersecurity infringements occurred with more than 76 million household bank accounts and over 7 million small business bank accounts compromised. The cyber-attackers accessed the bank servers that hosted the consumer account details. As a result of the technique employed for carrying out the cyber-attack, the attack was not detected for nearly two months before the bank responded and shut down access points of more than 90 servers. The bank collaborated with crime detectives and banking regulators, with the aim of uncovering the technique used in the attack. Furthermore, the bank made sure they addressed the issues concerning the vulnerability of network systems (Glazer, 2014). Comment by dkamari: punctuation Comment by dkamari: two words Comment by dkamari: a bank is not a "they"
One unique type of cyber-attack that reduces the effectiveness of monitoring and maintaining adequate protocols for cyber security is that an attack can sometimes come from traditional methods that utilize a normal process. Thus, network system vulnerability is not quite obvious or evident to an institution in many cases. This was the situation when a well-publicized mobile payment policy was revealed and cyber criminals adopted a technique employing...
These criminals capitalized on the mobile payment system because most of the banks would be encouraged customers to streamline the sign-up process for credit, without asking for additional verification details to authenticate the credentials of the customer. Consequently, despite a highly secure token security system enclosed in the mobile payment policy, cybercriminals used rudimentary means to hack into customers' bank account details during the validation process. As a result, the mobile bank payment provider and the banking institutions are carrying out a review of the procedures to make sure this issue does not happen again, which includes the likelihood of using a PIN code that the bank issues to customers when new accounts are created (Paul Hastings, 2015). Comment by dkamari: plural
Another issue of grave concern to these financial institutions is the damage the cyber crimes can do to a company's reputation. Man-in-the-Browser attacks remain one of the deadliest forms of malware for online financial and banking services. A Man-in-the-Browser attack takes place when an Internet browser is affected by a malicious code. This code amends the actions carried out by the user of the affected computer and, in few cases, can initiate some actions without the user's permission. Whenever a user logs into their bank account through an infected Internet browser, this can initiate illegal transactions that can lead to online theft (Reply, 2016). Comment by dkamari: singular
While all organizations face the problem of cyber-attacks, financial institutions face the largest risks, because they hold funds and a significant amount of private data on both commercial entities and consumers. In the last couple of years, cyber thieves have utilized online banking and payment platforms to transfer of funds directly from bank accounts of financial institutions to their own private accounts, and sometimes seize the control of ATM machines and manipulate the machines to dispense cash at certain times when a recipient waiting. Kaspersky lab, the Moscow-based security company, claims that one well-orchestrated cyber-attack against financial institutions initiated late in 2013 may have led to up to $1 billion losses (Kaspersky Lab, 2015) However, according to the Identity Theft Resource Centre, the number may be higher than this, when the number of unreported data breaches are considered (Paul Hastings, 2015).
According to Websense Security Lab's recent report, the total number of attacks experienced by financial institutions is about four times higher than what is obtainable at other companies in all other sectors. Additionally, a third of every initial-stage investigation attacks are targeted at financial institutions, as reported by the company. No matter how much government officials try to protect are financial institutions, hackers will continue to steal information. Damaging the financial institutions legitimacy will ultimately harm the innocent people that use these services. Savings, retirement plans, and even college funds have been targeted by these criminals with no remorse for what harm has been done to individuals. These attacks will continue to occur and it will be up to the government strengthen their dedication to protecting their citizens in a digital age.
Cordle, I. P. (2014, August 7). TotalBank responds to computer security breach, Miami Herald. Retrieved from http://www.miamiherald.com/news/business/article1978822.html Comment by dkamari: are all of these cited in your paper? If not, do not list them.
Mossburg, E. (2015). A Deeper Look at the Financial Impact of Cyber Attacks. Financial Executive, 31(3), 77-80. Retrieved from http://eds.a.ebscohost.com.ezproxy.umuc.edu/
Crossman, P. (2015, March 5). Is Apple Pay a Fraud Magnet? Only If Banks Drop the Ball. Retrieved from American Banker: http://www.americanbanker.com/news/bank-technology/is-apple-pay-a-fraud-magnet-only-if-banks-drop-the-ball-107312
Dean, B. (2015, March 4). Why companies have little incentive to invest in cybersecurity. Retrieved February 18, 2016, from http://theconversation.com/why-companies-have-little-incentive-to-invest-in-cybersecurity-37570
Networks Expose Vulnerabilities to Cyber-Terrorism. (2004). Operations Management, 10(44), 2. Retrieved from http://eds.a.ebscohost.com.ezproxy.umuc.edu/
Fraud Alert. (2012). Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud.
Glazer, E. (2014). J.P. Morgan's Cyber Attack: How the Bank Responded. WSJ. Retrieved from http://blogs.wsj.com/moneybeat/2014/10/03/j-p-morgans-cyber-attack-how-the-bank-responded/
Kaspersky Lab. (2015, February). Carbanak Apt The Great Bank Robbery 3. Retrieved from http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Carbanak_APT_eng.pdf
Korolov, M. (2015, June 23). The average number of attacks against financial services institutions is four times higher than other industries. Retrieved Febuary 18, 2016, from CXO Media, Inc.: http://www.csoonline.com/article/2938767/advanced-persistent-threats/report-banks-get-attacked-four-times-more-than-other-industries.html
Paul Hastings. (2015, April 28). Caught in the Crossfire: The Rising Threat of Cyberattacks on Financial Institutions and the Heightened Expectations of Financial Regulators. Retrieved February 18, 2016, from Paul Hastings: http://www.paulhastings.com/publications-items/details/?id=790ae469-2334-6428-811c-ff00004cbded
Pettersson, M. (2012). Banks likely to remain top cybercrime targets. Mountain View,…
Organized Crime / Counterterrorism AL CAPONE OR AL QAEDA?: ORGANIZED CRIME AND COUNTERTERRORISM AS LAW ENFORCEMENT PRIORITIES IN 2014 Should law enforcement in America prioritize fighting counter-terrorism or fighting organized crime? A full examination of the history and issues involved with both will, I would argue, make the answer clear: with the proper definitions involved of both terror and organized crime, it is the latter which genuinely deserves the attention of law enforcement, and
The growth of Internet has led to a desire to understand the characteristics of the users, their reasons for using the service and what the users do when connected. A huge and expanding 'Internet watching' industry has progressed to provide such data. Some statistics can be collected directly from the Internet about traffic volumes and the geographical segmentation of its users and these provide a reasonably accurate picture of
Ethical Considerations in Computer Crimes The study is based on the topic of ethical consideration in computer crimes. The rapid expansion of computer technology has resulted in an extremely sensitive issue of computer crimes. The ethical standards that are applied in other fields cannot be applied to the field of computer technology therefore the paper has discussed various aspects that are crucial for the understanding of the topic. There are a number
Pension fraud is a type of white-collar crime, but it can assume many different forms. In "Guilty Plea in Fraud Case Tied to New York Pension," the underlying crime was bribery, which happened to be related to a pension fraud scheme. The State of New York runs and manages a pension for its residents. It invests money workers pay into the pension. In this case, state officials accepted about $1
Effects of Globalization on CrimeGlobalization has different effects on developing and the developed countries in its distinct way. Since the developed countries already have an already established strong infrastructure, fortified economy, vigorous political mechanisms, and less difference among the poor and the rich regarding societal equality, globalization has still been debated regarding its effects on the entire country (Samimi & Jenatabadi, 2014). Since the poverty levels in developed and developing
Phishing is another criminal technique used to cull bank account or credit card information. Lovet (2007) describes how simple and potentially lucrative phishing can be: "the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of 'phishing trip' will uncover at least 20 bank accounts of varying cash balances, giving a 'market value' of $200 - $2,000 in e-gold." Most incidents of