Earlier this year unidentified bad guys “broke in” to the Bangladesh Bank (if you can call compromising a network guarded by no firewall and built on $10 switches a “break in”) and from there took control of the bank's connection to the SWIFT network. They were in the process of stealing close to $1 billion but made off with a comparatively measly $81 million before the fraudulent transfers were noticed.
But that's just the beginning of the story. It's big and complex, and there's a lot to be learned and applied from this heist. More than a dozen other banks appear to be involved, including the Federal Reserve Bank of New York. Multiple security firms are working the investigation, and it looks like we have the malware used in the attack.

I'm sifting through this wealth of information and will lead you through the attack. I'll explain what we know (and suspect) about the attackers, what they actually accomplished and what else they've tried so far. We'll look at how they did it technically, which involves a number of sophisticated techniques at the network, operating system, application and database layers. This gang is sophisticated. We'll also discuss what we don't know (we won't be able to discuss what we don't know that we don't know, though). Most importantly, we'll identify key security strategies and technical controls that absolutely would have either prevented the attack or led to it being discovered much sooner, before money was actually stolen. And these lessons apply whether you are a bank or not.
Key security strategy issues of this hack:
- Vulnerabilities in your partners' networks are your vulnerabilities
- Even some monitoring can limit losses to a fraction of their potential
- Lower value assets do not always translate to lower risk
- Endpoint, endpoint, endpoint
- Malware, malware, malware
- Code integrity
- Database level hacks that bypass OS and Application controls
- Signature-based antimalware doesn’t work against bespoke attacks
Fascinating technical security issues:
- Uncontrolled SQL transactions against DB server
- A 2-byte modification to a critical DLL
- Command and control communications
- How the account balances and transaction amounts were “doctored”
This is going to be an awesome Real Training for Free™ event. Get ready for quite a ride. Carbon Black, one of the coolest security technologies in the world, is sponsoring this webinar, and Chip Rouseey and Justin Falck will briefly show you how Carbon Black's Response and Protection technologies fit into this discussion.
Don't miss it. Please register now.