Black Hat

Banks Are Under Siege by Sophisticated Hackers

The past 12 months have been particularly difficult for bank security teams.

3. 26. 19 by Dan Robitzski
Tag Hartman-Simkins
Image by Tag Hartman-Simkins

Stick Up

Bank robbers have traded in masks and guns for VPNs and proxy servers, and there’s more of them than ever.

In the last 12 months, 67 percent of financial institutions — banks, credit unions, and the like — that participated in a cybersecurity report published this month by security firm Carbon Black said that they were hit by an increasing rate of attempted cyberattacks and hacks. On top of that, 79 percent said that the hackers were becoming more and more sophisticated. It’s no surprise that crime is moving online and that security means more than thick vault doors. But cybersecurity practices haven’t quite kept up with the sheer volume of hackers targeting banks, as the report says that many attacks were at least partially successful.

Project Mayhem

Instead of settling for a quick buck, many of the attacks included in the report were intended to disrupt banking services or delete financial records — a hack strategy that’s increased by 160 percent over the last 12 months. And once the hackers are in, 32 percent of banks said that the hackers were digging in their heels and fighting back against efforts to lock them out of the system.

“It’s something that we should be very concerned about,” Tom Kellermann, Carbon Black’s chief cybersecurity officer, told BobsGuide, “because what that says to me is that [cybercriminals] are willing to shoot the hostages now, they’re willing to burn down the infrastructure, and destroy segments of a financial institution because they’re angry that you are reacting to them in the first place.”


Putting Out Fires

Many banks’ cybersecurity vulnerabilities are introduced when they launch a new platform, be it online banking, mobile banking, or anything of the like.

Kellermann told Bobsguide that banks’ tendency to launch new services and platforms without a proactive focus on security “is a systemic mistake and it is a terrible mistake.” Too often, Kellermann said, security teams are left running around and putting out fires rather than proactively seeking out and securing their vulnerabilities.

“They’re doing this to increase access to their systems,” Kellermann said. “What they’re not understanding is that if you build it they will come and not all of them will be righteous.”

READ MORE: Technology obsession blinding banks from real cybercrime threat [Bobsguide]


More on cybersecurity: The US Finally Has a Defense Agency Devoted to Cybersecurity

Care about supporting clean energy adoption? Find out how much money (and planet!) you could save by switching to solar power at By signing up through this link, may receive a small commission.

Share This Article

Keep up.
Subscribe to our daily newsletter to keep in touch with the subjects shaping our future.
I understand and agree that registration on or use of this site constitutes agreement to its User Agreement and Privacy Policy


Copyright ©, Camden Media Inc All Rights Reserved. See our User Agreement, Privacy Policy and Data Use Policy. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Futurism. Fonts by Typekit and Monotype.