As I read through the article, I couldn’t help but wonder how each method the writer described could have been complicated for the attacker if there had been an Advanced-IP layer as the first and last inspection.
Attacks are not limited just to theft and can take the form of denial of service (DoS) assaults on a bank’s online operations to prevent customers from accessing their accounts. Last year, HSBC became the victim of one of the largest attacks of this kind yet recorded, causing the failure of its online banking services. Stuart Gulliver, Chief Executive of I, and other senior managers at Britain’s largest bank, believe cyber threats are one of the biggest dangers to the industry.
Because of the distribution of the attack, this could have been watered down to a non-event if these banks had employed an additional Advanced-IP layer to limit their network port exposure to the world. The Advanced-IP layer would have absorbed the brunt of the traffic before it entered the environment or touched the attacked service.
One of the biggest areas of weakness is lax security among employees. In particular, the use of unauthorized applications.
Again, the Advanced-IP filter in this case would have prevented the app’s unknown outbound connections to high-risk networks. The Advanced-IP layer is your first and last line of defense against these rogue applications entering or escaping. For instance: a bad user downloads I widget X, which is coded to siphon and collect data and send it to country Y using some common port X, which tricks the IDS by using your very own internal web filter/proxy. Unfortunately for the hacker application, the Advanced-IP filter isn’t fooled by the app’s stealth or program trickery; it only cares where it’s going.
Ernst & Young, says the use of outside technology, as well as social networks, such as Facebook and LinkedIn, have proved a boon for those looking to circumvent banks’ online defenses.
Criminals have also begun targeting the physical hardware underpinning banks’ systems. Last month, a gang was arrested after a man posing as an engineer attempted to fit a device to a computer in Santander UK’s Surrey Quays branch that would have allowed the alleged criminals to remotely access customer accounts.
Even with a physical chip, the attacker/hacker will need to know what the Advanced-IP layer is allowing traffic to. So let’s say the chip is designed to capture passwords and personal information, then send it to some obscure location in some Eastern Bloc country. If the company from which they are trying to siphon data doesn’t allow certain ports or traffic to that area, the chances of the data ever leaving diminish exponentially, and the better your IDS picks up the traffic anomaly.
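The destination-only decision described for the rogue widget and for the planted chip can be sketched as follows; this is an added example, not code from the article or from any Advanced-IP product. The policy lists, the flow records and the function names are constructed for illustration, and the filter is assumed to sit at the network edge, after the internal web proxy.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str    # internal host that opened the connection
    dst: str    # destination address as seen at the network edge
    dport: int  # destination port (deliberately ignored by the verdict)

# Constructed policy using RFC 5737 documentation ranges.
ALLOWED_DST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24",)]
# Constructed stand-in for a "high-risk network" list.
DENIED_DST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24",)]

def egress_verdict(flow: Flow) -> str:
    """Decide on destination address alone; port and application are not consulted."""
    dst = ipaddress.ip_address(flow.dst)
    if any(dst in net for net in DENIED_DST):
        return "drop-denied"
    if any(dst in net for net in ALLOWED_DST):
        return "allow"
    return "drop-unlisted"  # default deny: unknown destinations do not leave

def review(flows):
    """Return (flow, verdict) for every dropped flow, for IDS/SOC follow-up."""
    return [(f, v) for f in flows if (v := egress_verdict(f)) != "allow"]

# Constructed flows; 10.0.0.5 plays the internal web proxy's upstream side.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.20", 443),  # business destination
    Flow("10.0.0.5", "203.0.113.77", 443),   # widget tunnelling via the proxy
    Flow("10.0.0.5", "203.0.113.77", 80),    # same destination, different port
    Flow("10.0.7.31", "192.0.2.9", 53),      # implanted device, unlisted destination
]

if __name__ == "__main__":
    for flow, verdict in review(SAMPLE_FLOWS):
        print(f"{verdict:14} {flow.src} -> {flow.dst}:{flow.dport}")
```

A filter placed in front of the proxy would only ever see the proxy's own address as the destination, so the check has to run where the real upstream address is visible.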