Payments between banks are vulnerable. Interbank payments are payments that banks and financial institutions make between each other nationally and internationally, using special banking payment systems. One example of such a system is CHIPS, the Clearing House Interbank Payments System in the United States. There are other systems, which operate within and between nations.
Hackers recently breached a Union Bank of India account of a type known as a Nostro account. Nostro accounts exist in foreign currencies in foreign banks to ease transactions abroad. This breach draws new attention to interbank payments and their security.
Financial institutions that fully understand the vulnerabilities in interbank payment systems and transactions as well as how to harden these systems can better mitigate the associated risks.
The risks to interbank payments
In the case of the Union Bank of India and the Nostro account, news reports suggest several elements that could have contributed to the compromise. These factors include malicious insiders with administrative privileges, hackers using compromised administrative-level credentials, successful hacks using phishing or infected websites that helped the fraudsters acquire those credentials, weaknesses in cybersecurity at the Indian bank, and a lack of bank employee education.
Protecting financial systems
Cyber criminals who have no access of their own entice insiders such as contractors, business partners, and malcontented or terminated employees who have the necessary level of administrative control to aid attacks on the financial systems. It is hard to pin these malicious insiders down because they use trusted access privileges to do their dirty work. Hackers also gain administrative credentials through phishing or spear-phishing, other types of social engineering, and drive-by attacks. Whether it’s the complicit party using their own credentials or the hacker using compromised credentials, the solutions are the same.
One solution is real-time security event monitoring, which lets financial systems immediately detect and report on anomalous insider behavior that could be connected to interbank payment fraud. The more privileged the inside user whom hackers could enlist, the more closely financial organizations need to watch and audit that user's every move, in addition to limiting their privileges to no more than they need to do their jobs.
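An added example, not part of the original article: one way to combine the two ideas above, scoring audit events against a per-user baseline and weighting the score by how privileged the user is. The roles, users, event fields, weights and threshold are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role model (hypothetical names): entitlements plus a scrutiny weight.
ROLES = {
    "teller":   {"allowed": {"view_balance"}, "weight": 1},
    "payments": {"allowed": {"view_balance", "create_payment"}, "weight": 2},
    "admin":    {"allowed": {"view_balance", "manage_users"}, "weight": 3},
}

@dataclass
class Event:
    user: str
    role: str
    action: str
    hour: int            # local hour of day, 0-23
    beneficiary: str = ""

# Constructed per-user baseline: usual working hours and known beneficiaries.
BASELINE = {
    "asha":   {"hours": range(9, 18), "beneficiaries": {"BANK-A", "BANK-B"}},
    "vikram": {"hours": range(9, 18), "beneficiaries": set()},
}

def score(event: Event) -> tuple[int, list[str]]:
    """Return (risk score, reasons) for one audit event."""
    role = ROLES[event.role]
    # A user with no baseline is treated as having no usual hours or payees.
    base = BASELINE.get(event.user, {"hours": range(0), "beneficiaries": set()})
    reasons = []
    if event.action not in role["allowed"]:
        reasons.append("action outside role entitlement")
    if event.hour not in base["hours"]:
        reasons.append("outside usual hours")
    if event.beneficiary and event.beneficiary not in base["beneficiaries"]:
        reasons.append("beneficiary not seen before")
    # More privileged users get proportionally more scrutiny.
    return len(reasons) * role["weight"], reasons

def alerts(events, threshold=3):
    """Return (user, score, reasons) for events at or above the threshold."""
    scored = [(ev.user, *score(ev)) for ev in events]
    return [row for row in scored if row[1] >= threshold]

# Constructed sample audit events.
SAMPLE = [
    Event("asha", "payments", "create_payment", 11, "BANK-A"),
    Event("asha", "payments", "create_payment", 23, "BANK-Z"),
    Event("vikram", "admin", "create_payment", 2, "BANK-Z"),
]
```

The first sample event matches the baseline and scores 0; the administrator creating a payment scores highest because the action is outside the role's entitlement and the role carries the largest weight.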
Another solution is vulnerability assessments, which enable organizations to know where and how they are most vulnerable so they can beef up defenses as appropriate for the given security flaw. For example, upon discovering vulnerabilities to phishing, spear-phishing, and drive-by attacks, a financial institution can ramp up employee education to curtail risky email and web browsing behavior. The organization can also intensify layered technical solutions to these attacks, including intelligent phishing detection and protection, anti-spam, anti-virus, anti-malware, next-gen firewalls, and blacklists for known bad sites.
A good general security approach starts with everything on networks and systems closed and locked down tight. Proceed using a least-privilege, zero trust model of security. Open ports and enable services only where necessary to permit the minimum required functions for your organization. Using a zero trust approach, assume that any system or user could become hostile.