At a time when the internet dominates our personal and professional lives, it’s only natural that it would become a target for bad actors. Negative forces take this route for many reasons, including notoriety, perceived revenge, and what they consider fun. Throw potential financial rewards into the equation, and it’s hardly surprising that institutions like banks end up as popular targets.
After decades as prime targets, banks have experienced a wide range of attacks on their infrastructure and customers, with each technological leap exposing new threats. Despite this problem, however, they’ve still found a place as trustworthy and useful systems in the internet age. Even in 2022, when the avenues of potential harm are greater than ever, forward-thinking tools and approaches keep banks ahead of the curve.
The earliest issues to raise their heads, password scams and cracking, are problems that have plagued every online business since the internet’s inception. They work through unauthorised users leveraging other people’s account information and identities to break in. It’s also an area where many modern privacy practices used to browse the internet safely can introduce hurdles rather than solve them.
Acting as the cornerstone solution to this problem is the idea of true account verification. When the internet first arrived, hackers could use brute force programs to iterate through a list of different passwords near instantly. The speed at which this could be achieved would depend on your password length and complexity.
“Password Day” (Public Domain) by Worlds Direction
With modern tools on a non-protected website, a seven-character password made up of numbers, uppercase letters, and lowercase letters could be brute-forced in 25 seconds. Add more characters and symbols, and the increasing complexity makes passwords much more difficult to guess. Use all four of these character types, with 14 characters total, and the time to brute force could increase to 200 million years.
Simple traffic control tools from modern banks would prevent the brute force problem, but they don’t rule out theft by keyloggers or other types of malware. Instead, newer systems implement near-unhackable two-factor security and biometrics, as well as location tracking, to stop password hackers in their tracks.
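To make the effect of traffic control on brute forcing concrete, here is an added example (not from the original article): a sliding-window limit on failed logins per account, plus a helper that compares the time to try every password with and without that limit. The policy of 5 failures per 15 minutes, the account name, the 62-character alphabet and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

SECONDS_PER_YEAR = 365.25 * 24 * 3600


class LoginThrottle:
    """Sliding-window limit on failed logins per account (assumed policy)."""

    def __init__(self, max_failures=5, window_seconds=900):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self._failures = defaultdict(deque)  # account -> failure timestamps

    def _prune(self, account, now):
        """Drop failures that have aged out of the window."""
        q = self._failures[account]
        while q and now - q[0] >= self.window_seconds:
            q.popleft()
        return q

    def allowed(self, account, now):
        """True if another attempt may be checked for this account at `now`."""
        return len(self._prune(account, now)) < self.max_failures

    def record_failure(self, account, now):
        self._prune(account, now).append(now)

    def record_success(self, account):
        """A correct login clears the account's failure history."""
        self._failures.pop(account, None)


def simulate_guessing(throttle, account, attempts, interval_seconds):
    """Count how many wrong guesses actually reach the password check."""
    checked = 0
    for i in range(attempts):
        now = i * interval_seconds
        if throttle.allowed(account, now):
            throttle.record_failure(account, now)
            checked += 1
    return checked


def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case time to try every password of the given length."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR
```

With these assumed settings, 1,000 guesses sent one per second result in only 10 being checked, and the seven-character case that takes 25 seconds unthrottled would take roughly 20 million years at 5 guesses per 15 minutes.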
As an extension of the flooding idea that makes brute-forcing possible, Distributed Denial of Service (DDOS) attacks involve overloading a server with requests to slow it to a crawl, or shut it down completely. This is possible through the use of botnets, built from people’s computers and browsers that have been infected through extensions or other software they don’t know is harmful.
DDOS attacks rarely allow hackers to steal money. Rather, their aim is just as the name suggests: to deny service. When this happens to a banking website, it can cost customers and banks a significant amount of time and money as they wait for the attacks to cease.
The prevention of DDOS attacks requires the use of AI tools, as the threats often come through too wide of a net to be addressed manually by human hands. These tools can detect unusual patterns of engagement, allowing real customers access while blocking bots from gaining any foothold.
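A minimal illustration of detecting "unusual patterns of engagement", as an added example (not from the original article, and a plain statistical baseline rather than the AI tooling the article refers to): it flags clients whose request count in a time window is far above the median across all clients. The log format, thresholds, function names and addresses (documentation ranges) are constructed for the example.

```python
from collections import Counter
from statistics import median


def parse_line(line):
    """Parse a constructed 'epoch_seconds client_ip path' access-log line."""
    ts, client, path = line.split()
    return int(ts), client, path


def flag_heavy_clients(lines, window_start, window_seconds=60, k=10, min_requests=20):
    """Return clients whose request count in the window exceeds
    median + k * MAD of the per-client counts, with an absolute floor."""
    counts = Counter()
    for line in lines:
        ts, client, _ = parse_line(line)
        if window_start <= ts < window_start + window_seconds:
            counts[client] += 1
    if not counts:
        return []
    values = list(counts.values())
    med = median(values)
    # Median absolute deviation; fall back to 1 when every client looks alike.
    mad = median(abs(v - med) for v in values) or 1
    limit = max(med + k * mad, min_requests)
    return sorted(c for c, n in counts.items() if n > limit)


def sample_log(start=1_700_000_000):
    """Constructed sample: eight ordinary clients and two flooding clients."""
    lines = []
    for i in range(8):
        for j in range(2 + i % 4):          # 2 to 5 requests each
            lines.append(f"{start + j * 10} 198.51.100.{i + 1} /login")
    for bot in ("203.0.113.10", "203.0.113.11"):
        for j in range(300):                # 300 requests inside one minute
            lines.append(f"{start + j % 60} {bot} /login")
    return lines
```

On the constructed sample the median client makes 4 requests a minute, so the limit is 20 and only the two flooding addresses are returned; ordinary clients are never flagged.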
Causing harm more indirectly, money laundering is still a major problem for any bank that wants to be considered a trustworthy name. Being found to harbour criminal organisations can place a bank under intense scrutiny, which can affect efficiency and customer base. This is similarly reflected by existing customers, who might act as a base for criminals unwittingly, yet still suffer the consequences.
According to research from the United Nations Office on Drugs and Crime, the amount of money laundered each year reached between $800 million and $2 trillion. This accounts for around 2-5% of the world’s annual GDP.
“Money laundering concept” (CC BY 2.0) by wuestenigel
Dealing with money laundering is possible through a two-pronged approach, where both the banks and the businesses they work with implement Anti-Money Laundering (AML) tools. AML protection in banking is multifaceted, relying on recognition systems like Know Your Customer (KYC) verification. KYC works by checking a person’s records to ensure an account is not being run under a fake identity. Combined with AI tools for transaction monitoring, record keeping, and sanction list checks, this problem can be addressed for those on both sides of the banking table.
Finally, the latest and most famous form of attack on banks comes through the use of ransomware. This is a type of malware that infects a system or network, lying beneath the surface and collecting information until the time of the attack. When activated, ransomware locks the infected systems, displaying a list of demands that must be met for the software to deactivate. If it is not deactivated within the set amount of time, the ransomware then might permanently delete files or release personal or account information.
When people’s money is on the line, the implications of ransomware are enormous. Because it has targeted banks before, the threat is a huge fear for financial organisations. Generating over $25 million in revenue for hackers each year, and only growing more profitable, this form of attack is likely to become even more prolific in the future.
Fortunately, preventing ransomware can be as simple as enacting proper safety protocols. Many attacks have been possible through workers doing things as seemingly benign as plugging in random USB drives they found lying around or turning off malware scans to save time. With the right training and the right tools, employees can remove the risk of ransomware, with defence systems growing more advanced by the day.
“Cryptolocker ransomware” (CC BY-SA 2.0) by Christiaan Colen
Despite so much effort by attackers over the decades, banks have remained some of the most secure and trusted businesses on the internet. In the cat-and-mouse game of bad actors and security experts, the experts have remained ahead, but it’s a never-ending battle. Whether looking at password scams, money laundering, ransomware, or any of the other lesser but still frustrating methods of harm, evolution is the key to success. If you’re at all concerned, remember that online security is a two-way street, and if you do your due diligence, you’re infinitely less likely to ever see an issue.