Malware attacks continue to be a threat for all organizations, especially those with access to significant personal or financial data, and community banks are increasingly a target. Malware can infect a computer in a variety of ways, but frequently, outbreaks stem from fraudulent emails with malicious links or attachments. The sheer number of malicious or spam emails circulating around the Internet is staggering. Safe Systems, for example, typically blocks more than 100 ransomware emails a minute during peak traffic, and in any given day about 90% of the email we filter is rejected.
What is Ransomware?
Ransomware is a type of malware that is usually delivered through infected email attachments, hacked websites, or websites featuring fraudulent ads. Ransomware encrypts files on a user’s computer and renders them unusable until the victim pays the hacker a specific amount of money. There is a good reason behind the recent uptick in this type of malware – cybercriminals are making millions of dollars from ransomware. According to forecasts and assessments made by experts, the threat of ransomware will continue to rise in the immediate future. In 2015 alone, the FBI received more than 2,500 complaints related to ransomware attacks, which amounted to approximately $24 million in losses to the victims.
While ransomware is making headlines, other forms of malware are still out there. Some malware is designed for surveillance. These threats will remain stealthy and quiet in the background of a computer system while stealing information and spying on computer users for an extended period without their knowledge. This is especially dangerous for community banks and increases the risk of ACH transfer fraud.
How is this malware making it past layers of technology controls?
Many times employees install something they shouldn’t from an untrustworthy source, which leads to trouble and fraudulent activity. Employees are often the weakest link when it comes to malware attacks. Banks can have the best security solutions, but if the end users are not educated about possible threats, then the attackers can bypass most security measures. One of the easiest ways to trick users is through a well-crafted email.
So, what is the best way to combat such attacks?
Here are some email quick tips for community bankers to live by:
- Carefully examine the ‘from address’ domain. Spear phishing attempts commonly make use of email domains that are very similar to a known domain. Some of these “one-off” examples for the safesystems.com domain include: safesustems.com, safesystem.com, safesystems.org, safe-systems.com, etc.
- Even if the email address is correct, do not assume it came from there or that the account isn’t compromised. It is extremely easy to fabricate, or “spoof,” the sending address.
- Raise that mental red flag for anything out of the ordinary, and report it.
- If something feels off about an email, do not be afraid of crying wolf. It is much better to investigate a few false alarms if it means catching a valid attack.
- If possible, do not click on any link in any email. However, if you must click, always hover over the link first and carefully examine the domain before clicking.
- Hesitate before opening any attachment, even if it’s for a few seconds, to give yourself time to think through its risk. Think of spear (targeted) phishing here: it could look like it’s from someone you know and be about something relevant.
- If there’s doubt, DO NOT open OR “preview” the attachment.
- Do not expose bank assets to the risk of personal email accounts. If you do, be extremely careful because you’re circumventing many carefully crafted and expensive layers of security. At a bare minimum, disable the automatic loading of images so the sender cannot determine if, when, and where you opened an email.
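The first tip above, checking the ‘from address’ domain for near-misses, can also be automated at the mail gateway or in a triage script. The following is an added example, not code from Safe Systems; the allow-list, the function names, the typo threshold of 2 and the naive "last label is the TLD" split are all assumptions.

```python
from email.utils import parseaddr

# Assumption: the allow-list holds the domains you really correspond with.
TRUSTED = {"safesystems.com"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, domain). For 'lookalike', domain is the trusted one imitated."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    # Naive split: the last label is treated as the TLD (no public-suffix list).
    name = domain.rpartition(".")[0].replace("-", "")
    for good in sorted(trusted):
        good_name = good.rpartition(".")[0].replace("-", "")
        # Same name with another TLD or added hyphens (safesystems.org, safe-systems.com)
        if name == good_name:
            return ("lookalike", good)
        # One or two typos away (safesustems.com, safesystem.com)
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", domain)

# Constructed sample headers using the look-alike domains listed in the article
SAMPLES = [
    "Safe Systems Support <help@safesystems.com>",
    "Safe Systems Support <help@safesustems.com>",
    "billing@safesystem.com",
    "IT Desk <it@safesystems.org>",
    "alerts@safe-systems.com",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header:50} -> {classify_sender(header)}")
```

A "trusted" verdict only means the domain string matches; as the next tip says, the sending address can be spoofed, so this check complements the others rather than replacing them.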
What if you do your best, but still become a victim?
- If you determine an email might be malicious after the fact, immediately have it investigated to determine its severity and nature.
- Preferably, disconnect the device’s Internet connection until given the all clear; this is critical if any link or attachment was opened/previewed. Sometimes every second can matter.
- If credentials were compromised, immediately change them everywhere that may be impacted by the same or similar credentials. Criminals are known to automatically validate compromised credentials less than a second after receiving them, across dozens of login portals. This fast authentication technique is how dual factor authentication is compromised.
- Use a malware-free device to change credentials.
- If you can’t change your credentials immediately, locking yourself out may be a good option.
- Check for previous activity on the accounts, such as sent items, unexplained non-deliverables, changed security questions, SSO authorizations, etc.
Of course, preventing an incident is far better than cleaning up afterwards. The best malware defense strategy consists of multiple layers of security, not just one. Simple out-of-the-box malware solutions aren’t enough to protect a bank’s network. Banks need to customize malware solutions and include a personalized rule set. Blocking possible threats, such as IP addresses from Russia, a known factory for fraudulent activity, is just one layer in the defense.
Safe Systems Blocks More than 100 Ransomware Emails a Minute
We can help banks ensure they are protected with our comprehensive security service package, which uses a broad-based, multi-layered approach. This system guards critical data and repels malicious attacks from both outside and inside an institution’s network, delivering 24/7-365 management, correlation, and monitoring of multiple security layers. Safe Systems’ systematic approach addresses three key areas (system hardening, security monitoring and validation) to ensure network security at all levels. This will increase the level of security on your bank’s network while improving your vulnerability assessments and compliance posture.