If you were one of the millions who received an email from LinkedIn in the past 2 weeks informing you that you had to reset your password, you are part of the latest cybersecurity attack to make the news. The phrase "to make the news" is crucial wording when discussing "the latest" cyber attack, because it has become quite obvious that a multitude of attacks occur daily and many have yet to be uncovered. It is clear that finding your credit union's critical data and network weaknesses is imperative.
Debbie Matz, former NCUA chairman, was quoted multiple times declaring that cyber threats were her biggest concern for credit unions. “Attackers today are increasingly targeting the banking or financial institutions directly for quicker, larger gain,” says Corey Nachreiner, director of security strategy at Watchguard, a network security firm. According to Dell SecureWorks, “The criminals responsible are looking at new targets that may not have the same levels of security personnel and anti-fraud systems as the big banks. Criminals thus see greener targets and a higher chance of success [at community banks and credit unions].”
Enforcing complex passwords should not be so... Complex!
Cyber criminals are getting thriftier in their attacks, getting more money with less effort. They are deploying tactics that, to the outside observer, seem too easy, as they are finding the weakest links to be as simple as employee passwords. For instance, criminals were able to steal account information from credit bureau giant Equifax earlier this month by simply guessing employees' default PIN codes. ADP was also victimized in a similar fashion, with criminals posing and logging in as employees to steal ADP's customers' data, partly due to poor enforcement of password policies. Once the data on the individuals is gathered, it is sold for large sums of money to other bad guys. Companies should have policies in place to ensure security, such as requiring complex passwords and PIN codes of their employees, to avoid employee data being stolen and exploited. While most people and companies know this to be the case, it is surprising how few enforce it.
Back to the LinkedIn example: LinkedIn failed to force all users to reset their passwords after a 2012 breach of at least 6.5 million credentials came to light. But it turns out the breach actually compromised 167 million accounts, and earlier this month that information was put up for sale on the dark web. (Small aside here: If you have not reset your LinkedIn password, stop everything you are doing and do so now. And should those login credentials happen to be the same for other accounts you own... it's time to spend a few minutes to update account information.) This is another case of a cyber attack that could have been avoided with a strict password policy and enforcement.
Be Aware of Ransomware and Malware
The evidence is all around us that cyber attacks are running rampant. Ransomware and malware attacks are another threat to credit unions specifically, exploiting the weakness of human error by means such as having staff open infected attachments. In April 2016, 50,000 phishing emails loaded with GozNym (a new malware) were unleashed on banks and credit unions, and the scheme succeeded in skimming $4 million in just a few days. By combining code from two different existing pieces of malware, hackers proved just how resourceful they can be, saving time on code development and avoiding the security measures that anti-malware and anti-virus companies have in place.
The Locky ransomware also hit financial institutions nationwide in April 2016, restricting access to the infected computer system and demanding that the user pay a ransom to the malware operators to remove the restriction. These types of attacks send out thousands upon thousands of emails, expecting that individuals will make the mistake of opening an attachment before the security companies take notice and update their software.
Attackers need only one weakness to exploit your credit union's network. Comprehensive security services that guard your critical core data and counter attacks from outside your network, or from within, are crucial to your credit union's data security.
Learn more about how FLEX works with credit unions to protect their data and guard them against cyber attacks.