Anonymous bank takedown a wakeup call for behavioural biometrics

By Lisa Baergen, director at NuData Security

Notorious hacker network Anonymous recently launched a month-long campaign targeting the global banking industry.

According to an article in Fortune, members of the secretive group of activists and hackers went after the Bank of Greece in May of this year, taking down the site for a few minutes and launching the first punch in a series of high-stakes showdowns between global bank security systems and the infamous hacker network.

Several other high-profile attacks have followed over the last month in what Anonymous calls Operation Icarus. The group has so far claimed successful attacks on 9 other central banks, including the Central Bank of Mexico and the Central Bank of Cyprus. Next on the hit list are the Bank of England, the World Bank, IMF, the US Federal Reserve and 160 other national banks. Anonymous vows to continue the project for 30 days, culminating in attacks on NASDAQ, NYSE, and PayPal.

The group appears to have joined forces with another hacker group, Ghost Squad Hackers (GSH). The objective appears to be to create chaos in the global banking industry and is “a retaliation to the 1%” as “elite banking cartels [are] putting the world in a perpetual state of chaos”, says hacker ‘s1ege’, who claims to be affiliated with GSH, the hacker collective participating in the takedown.

These attacks might take a banking website down for a few minutes or longer, depending on the level of penetration and severity. While the attack may not be long by our standards, it can cost the banks millions, making the threat very real. Add to this the perception that bank security is vulnerable, and it can’t help but hurt bank brands globally, whose reputations rely on consumer trust.

This is just one more reminder that banks need to make it imperative to put a robust security strategy in place, and one that looks beyond the device or static data. No further reminders should be needed at this point. The cold, hard truth is that hackers have openly declared war, have scheduled their attacks and operationalised large-scale collaborative hacking projects. There is no doubt they can and will attack again.

In 2015, for example, we identified that a staggering 45 percent of new accounts created across our financial services and e-commerce clients (including some of the largest banks and merchants globally) were fraudulent attempts. Fortunately, those attempts can be, and are, thwarted thanks to pre-transactional early detection using our passive biometric technology.

With industry estimates that account takeover and account creation fraud will increase by 60 percent in the next three years, it is more important than ever for financial institutions to have solutions that identify and prevent these attempts, ensuring that a company’s losses don’t escalate while also providing a white-glove experience to legitimate consumers. Organisations that transact online know that they need to adapt to keep up with attackers who are constantly shifting tactics and attack vectors.

The proven way to outsmart fraudsters and hackers is through accessing the combined data obtained from observable behavioural signals from the time of login or account creation and throughout the user’s online lifecycle. Some solutions can also access the combined intelligence of their behavioural network (consortium) to further aid in determining who is, and who is not, behaving like a genuine user. In this way the software functions like a “good user detector” and the baddies are just filtered out of the equation organically as part of the process.

The bottom line is that the onus is on financial institutions to continue to improve their techniques in order to stop the latest fraud methods, and in this case hacktivists, from plaguing their business. NuData Security can help security teams at big global banks sleep better at night by providing them a way to filter these bad actors right out of the picture, and do it in a way that’s invisible to the end-customer and to the hackers, evading the invitation for them to hack.

In recent years banks have suffered huge blows to their reputations and can redeem much of that by taking steps that not only put on a security show for customers, but actually improve security and customer happiness. Harnessing the power of behavioural and biometric analytic technology empowers banks to focus on how to treat good customers well at the same time as keeping them safer.