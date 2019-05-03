App
Moneycontrol App Android App iOS App iPad App Android Tab Blackberry Windows App Windows Tab
Subscription
Specials
Stocks
Feedback
Log In
Sign Up
Moneycontrol
Get App
Select Language
Subscription
Specials
you are here: HomeNewsTechnology
Last Updated : May 03, 2019 08:34 PM IST | Source: Moneycontrol.com

When ‘password’ still remains the weakest link in bank security

Financial institutions are at the forefront of bearing the brunt of cyberattacks that lead to the loss of data, assets and consumer confidence.

Moneycontrol Contributor @moneycontrolcom
Whatsapp

Anshuman Singh

Last August, hackers managed to wipe off nearly Rs. 100 crores through a malware attack on the server of Pune-based Cosmos Bank and cloned thousands of the bank's debit cards over a period of two days. In 2018, there was a sharp increase in the cost of suffering a cyberattack. According to reports, an incident cost $369,000 on average in 2018, up 61% from $229,000 in 2017.

Amongst all sectors, financial institutions are at the forefront of bearing the brunt and threats of cyberattacks that lead to the loss of data, assets and consumer confidence. With banks possessing personal and financial data of millions, they are natural targets for cyber criminals. Not just that, banks also possess personal and sensitive data of millions of users and with data being regarded as the new oil, this is a goldmine for hackers. Targeting banks offers hackers multiple avenues for profit through extortion, theft, and fraud.

More recently, there has been a significant rise in online scams where fraudsters are sending attractive and luring messages, calls or emails to trap customers. Fraudsters today use a variety of different tactics and methods for stealing a victim’s credentials thereby gaining complete control of the victim’s account. Spear phishing, password stealing, account takeover and credential stuffing are the major cyber threats to financial institutions.

related news

Banking passwords are obviously the most easily monetized since criminals can simply transfer funds from a compromised account to their accounts. The widespread use of softwares that store passwords (from browsers for instance), and password management solutions compound the problem even more.

Cyber criminals spread the password stealing software via a malicious email attachment. When the user clicks on the attachment, a program is installed in the background which routes all their internet traffic to the hacker’s server. So, although it appears that you're talking to your bank's web site, you're really connected to the hackers' server which is doing a fine job of impersonating the bank--except that it's also capturing all the usernames and passwords that you enter. To add to this, the black market for stolen passwords within cybercriminal community is really booming and is turning profitable.

The relevance of a strong and secure password is still unknown to most in India. Most banks still allow end users to configure weak passwords. Weak passwords are set by users on roughly half of systems. Another cause of worry are default accounts with default passwords that are not removed or left behind for administrative tasks. Some common passwords include "admin", keyboard combinations resembling "Qwerty123", blank passwords, and "P@ssw0rd".

However, the weakest link in bank security is the human factor. Even the best technical defences can be compromised by phishing information from employees. Phishing messages can be sent to bank employees both at their work and personal email addresses. Password stealers are great at social engineering and use emails very effectively to solicit sensitive information. These emails often contain an attachment or URL enticing the user to click them. Some commonly used techniques for these attacks include phishing, impersonation and avoiding detection by using trusted file types.

Protecting passwords are not only the responsibility of individuals, it needs to be a consolidated effort between employee and employer. Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is one of the most effective forms of training. Deployment of real time spear phishing and cyber fraud defense solutions which will learn an organization’s communications history and prevent future spear phishing attacks.

The author is Senior Director, Product Management at Barracuda Networks.
First Published on May 3, 2019 08:34 pm

tags #BankingTech #BFSITech #fintech #Technology

most popular

$102 billion is what this company pays as tax; much more than Apple, Alphabet's combined profit

$102 billion is what this company pays as tax; much more than Apple, Alphabet's combined profit

These billionaires lost billions in the stock market, but barely broke a sweat

These billionaires lost billions in the stock market, but barely broke a sweat

Top 10 companies where Indians want to work: Guess which takes No 1 spot

Top 10 companies where Indians want to work: Guess which takes No 1 spot

More From

IPL 2019 Live Score, KXIP vs KKR Match in Mohali: Nitish Rana removes ...

Akshay Kumar issues a clarification on all the questioning over his ...

Luka Chuppi actor Kriti Sanon makes head turn in her sunshine bikini

Exclusive! Kareena Kapoor, Aamir Khan, Hrithik Roshan: Here's how much ...

Akshay Kumar's Canada citizenship and everything that's wrong with it

Bharat: Ali Abbas Zafar reveals why Salman Khan’s niece Alizeh was t ...

Game Of Thrones: Emilia Clarke reveals that episode 5 is going to be ' ...

Cyclone Fani: PM Narendra Modi, Virender Sehwag, Abhishek Bachchan exp ...

David Beckham's 44th: Here's what his mom Sandra Georgina West gifted ...

Here is Why RBI Has Imposed Penalties on Vodafone m-pesa, PhonePe And ...

Rajasthan Boy Forcefully Circumcised, Mother Says Accused Molested Her ...

Unwilling to Take Chances, Archaeologists Camp at Puri Temple for Prom ...

Election Epicentre: Priyanka Pitches 'PM Rahul Gandhi'

Militants Kill 18 Mali Civilians in Double Ambush

Karnataka Cong Chief Meets Mandya Party Leaders Over Their Dinner with ...

RBSE 12th Result 2019: Rajasthan Board Likely to Announce Class 12 Res ...

Ebola Deaths in Congo Will Exceed 1,000, Says UN as Attacks Continue o ...

BJP Cries 'Emergency in Karnataka' After Party Sympathisers Get Arrest ...

Why Congress’ disorganised state — as Rahul Gandhi admitted — ma ...

Lok Sabha Elections: Digital India is on mute; politicians of all hues ...

Lok Sabha elections 2019: Uttar Pradesh babus make beeline for politic ...

Everything that you need to know about Warren Buffett and Berkshire Ha ...

Cyclone Fani: Here's how it was named and what it means

Market this week: Midcaps underperforms benchmark indices, Yes Bank pl ...

It's bull and bear case for Biocon: Analysts divided as flat performan ...

Wall Street opens higher after strong jobs data

Jet Airways has become a trading item with 'no asset value'

Avengers: Endgame — Why Hulk's new and improved avatar in Marvel's I ...

Kamal Nath's present tense, future uncertain as BSP threatens to pull ...

Lok Sabha polls in Kashmir: Midnight arrests and Hizbul Mujahideen thr ...

Venezuela unrest: Daily life resumes after two days of violent clashes ...

Jet Airways employees’ bailout offer: No harm in trying because buye ...

Javelin thrower Neeraj Chopra doubtful for IAAF World Championships af ...

Jal Sahelis: How women across Bundelkhand are reviving water harvestin ...

Cauvery, a river under stress: How the dispute over its waters was pol ...

Kalpana Chawla Space Policy Dialogue 2019: Inching towards a new era i ...
Loading...
Sections
Desktop Version »
Follow us on
Available On
PCI DSS Compliant
Disclaimer | Terms & Conditions | Privacy Policy | Cookie Policy | FAQs | Sitemap | Feedback
Network 18 Sites: News18 | Firstpost | CNBC TV18 | In.com | Cricketnext | Overdrive | Topper Learning

Copyright © e-Eighteen.com Ltd All rights resderved. Reproduction of news articles, photos, videos or any other content in whole or in part in any form or medium without express writtern permission of moneycontrol.com is prohibited.