Page 48 - Cyber Warnings
P. 48
A Look Into Cyber Security
Cyber security is a top priority for organizations to keep their information and systems safe from
theft, damages, or disruptions. Find out how the enemy works, ways to defend your organization
from an attack, what hackers are capable of, and more.
By Matthew Stockham, GTreasury
Network security in cyberspace is never far from the headlines. When it does reach the
headlines, it’s never good news.
Here are just a few famous – or infamous - security breaches of the not-too-distant past, even
though they might seem like ancient history by now: Target, Adobe, TJX, Home Depot, Sony
Playstation, Heartland, Epsilon.
Hackers and cyber-thieves are, unfortunately, good at what they do and getting more
sophisticated all the time. They take advantage of gaps and weak spots in information
technology systems. But those gaps and weak spots are there, almost exclusively, because
some human being wasn’t doing his or her job properly.
We can always improve our hardware and software, and we’ll discuss a few ways we’re doing
that. But it doesn’t matter how powerful or expensive your system is if you don’t know how to
use it.
Outdated Technology and Human Error
SWIFT is a messaging system used by banks and financial companies. SWIFT messages
include, but are not limited to, payment orders. The SWIFT network itself was not hacked. But
the hackers, operating from Egypt, penetrated the banks’ systems and installed malware. The
malware modified the bank’s Alliance Access software, which reads and writes the SWIFT
messages and records transactions.
The malware altered payment orders, increasing transaction amounts and changing payment
destinations. It also changed the SWIFT payment confirmation messages back to the original
amounts or deleted them entirely.
A police investigation showed that the Bangladesh Bank had no firewalls and was using
second-hand, ten-dollar switches on its network. The Philippine bank was using a $25 router
and default passwords. It’s little wonder that the crooks were able to get into the networks.
Anyone who takes security seriously knows that security demands investment. You can’t expect
good results by picking cheap components off the shelf, plugging them in, and hoping they’ll
work. The components need to be part of a coherent plan.
48 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
