VIDEO: How CIA cyberweapons are increasingly being used to hack banks, credit unions

April 20th, 2017

By Byron V. Acohido

When WikiLeaks released details about the CIA’s arsenal of hacking tools last month, it was like Christmas arrived early for hackers who specialize in cracking into the business networks of financial services companies.

Mandiant, the forensics division of malware detection vendor FireEye, affirmed as much in its M-Trends 2017 report, issued shortly thereafter. The Mandiant report disclosed how cyber criminals have quickly embraced CIA-type tools to juice up their banking system attacks.

I spoke to Bob Thibodeaux, chief information security officer at Seattle-based DefenseStorm, about this. DefenseStorm provides a security service for community banks and credit unions that monitors network traffic—specifically event log data—for malicious activities.

“What we are seeing with the leak of the CIA’s attack tools are that cyber criminal elements are actually taking advantage of the knowledge of those tools for their attacks,” Thibodeaux told me. “We are seeing them actually using the kinds of tactics that the government actors are using to exploit financial firms, specifically.”

These cutting-edge attacks are showing up in banking systems in Southeast Asia, according to Mandiant. But it may be only a matter of time before the use of similar tactics, leveraging the CIA leak, spreads to banks in other regions. “The attackers are using tools that Windows system administrators would use to actually stay on the network, monitor traffic, figure out how the banking process works, and then steal tens to hundreds to millions of dollars,” Thibodeaux says.

Community banks and credit unions in the United States are likely to be targeted because they are less well-defended than the big multinational banks.

It is all too typical for a small bank or credit union to rely on basic network defense systems, even though malicious probes and communications with criminal command-and-control servers are nonstop.

Unfortunately, it’s not going to get any easier for smaller banks and credit unions to play catch-up, much less neutralize cyber attacks over the longer term—without help, Thibodeaux says.

“One of the reasons why we entered into this business is we want to help these smaller financial institutions protect themselves,” he says. “We know that budget is very tight and smaller organizations don’t have a lot of IT staff. So we can help them, we can do the staff augmentation and be the experts for them.”

(Editor’s note: This article originally appeared on ThirdCertainty.com.)