How to kill a bank

An Emerging New Channel for Banks

CAN YOU PROTECT YOUR BANK AGAINST THE NEXT UNKNOWN ATTACK?

Most banks put a tremendous effort in preventing identity theft, financial fraud, money laundering, terrorist financing and other risk sensitive customer activities. The question is if these account centric detection systems are relevant for detecting a financial large scale attacks, aimed at disrupting the financial system. The current systems out there are always limited by operational teams, but more important; they're biased because they’re designed with previous attacks and modus operandi in mind.

One of the major challenges of fighting financial attacks is that nobody can predict what the next attack will look like. It’s hard to imagine what will happen. Over the last few years, numerous experts with a variety of backgrounds have written about the topic, trying to define what financial large scale attacks are and what might happen as a result of it.


Organised and state driven actors draining a bank on a massive scale in a short time frame is a realistic and proven scenario. The main reason people use banks is because they trust the financial system to safeguard their money. That is precisely why it’s so compelling for these actors to target banks.

"The attack method is much more serious than a typical data breach or theft of customer information. Instead, the loss of control over payment channels could bring down a bank."


Gottfried Leibbrandt, CEO SWIFT Network

THE TSUNAMI ANALOGY

A tsunami normally starts with one or more underwater earthquakes. Unless we measure the ecosystem, these shocks are unknown, and there is no information available to predict any impact. Even worse, most people on the seashore feel at ease, since they don’t see the water rising, until it is too late and the only thing left is to run.


The good news is that today we have tsunami warning systems. They detect a tsunami proactively and in real-time in advance and issue warnings to prevent loss of life, chaos, and damage. A tsunami warning system is made up of two equally important components: a network of sensors to detect them and a communications infrastructure to issue timely alarms that permit evacuation and other measures. When operating, seismic alerts are used to instigate the warnings; then data from the observed sea-level height is used to verify the existence of a tsunami.


Just a couple of years ago, conventional thinking dictated that tsunamis were outside the circle of influence of the human species. Today, we are able to limit disasters and are becoming more advanced in doing so.

"The question of cyber defences is badly in need of greater debate, but sadly this may not happen until a big terrorist cyber attack hits.”


Gillian Tett, Financial Times.

CAPTURE - A TSUNAMI WARNING SYSTEM FOR BANKS

With CAPTURE, we can not only detect but also limit or prevent the catastrophe from taking place; something you can’t do with an earthquake or tsunami. For those, you can only minimise the damage, but you can never stop them.


CAPTURE senses and monitors millions of transactions, variables and trends in real-time and analyse how they interact and correlate. CAPTURE is powered by Machine Learning models we trained in the actual field. The models oversee the bank’s complete ecosystem from a top down perspective and provides real time insights when a attack unfolds.

UNBIASED: SCENARIO-LESS MACHINE LEARNING

As any training in Advanced Persistent Threats (APT) learns that the best defence is based on prevention, detection and response. Where preventing a large scale attack from happening is impossible, and detection is the toolkit in the battle, then is the response the best weapon against such attacks. In this line of defence CAPTURE has cutting edge capabilities no other solutions can offer.


Preventive Analytics is another Machine Learning model that provides an autonomous response during an attack on how to counter it. In case of a large scale attack, this module can meticulously pinpoint the point of compromise, based on the malicious underlying artefacts. So using the analogy of a tsunami warning system: CAPTURE prevents the need to evacuate during a financial Tsunami.

TAKING RESPONSIBILITY

Global large scale attacks are becoming more advanced and (dark) technology is being developed in an incredible pace. With financial institutions being heavily regulated and missing agility through governance and legacy systems, from which unquantifiable threats are emerging.

A realistic result of a financial attack is that a bank has to close down for the public. That’s why a system is needed; one that warns for the potential unknown, provides insights and intervenes if all else fails.

When dealing with a topic of potentially unimaginable impact, we should anticipate it by preparing for the unknown. Risk officers at banks focus mainly on threats which are known to them. Most of these have a focus on capital gain, not disruption and chaos. Nobody will blame them for something most experts didn’t expect. The question is whether that’s enough of an argument not to take measurable action!

"You should assume you have been compromised and act accordingly. And if you set yourself up to manage the risk and manage the scenario where things go wrong, then you'll be vastly more resilient and in a much better position then if you to architect to make things totally secure."


Pablos Holman, Hacker at Sibos 2017

Who is Belleron?

Belleron is a trusted financial crime and large scale attacks solution pioneer. The company helps fight large-scale, difficult-to-detect banking attacks. We safeguard society’s confidence in financial institutions and protect people in their daily financial lives. Belleron was founded in 2012 by a group of seasoned financial crime, compliance and cybersecurity entrepreneurs. After becoming successful in their own ventures, they decided to join forces.