The rambling message posted on April 21 ominously announcing the May 7 OpUSA cyber attacks against U.S. Government agencies, financial institutions and large corporations turned out to be more bark than bite, with only minor damage reported.
"From what we have seen, maybe some second or third tier sites have been hacked and a few things have been reported," says Chip Tsantes, a principal in the Financial Services Office of Ernst & Young, and leader of the information security practice. For instance, HackersNewsBulletin.com has a list of hundreds of smaller sites that have been hacked or defaced. The list of hacked sites differs greatly from the list of targeted websites that the group, called N4M3LE55 CR3W, posted on April 24.
"I think it was a low impact in the commercial world," Tsantes says. "When it comes to our big clients, they have been very well tested. Their defense mechanisms are in place. The attacks that were state sponsored a few months ago were orders of magnitude greater than what we saw" from the OpUSA attack.
By announcing the attacks in advance, N4M3LE55 CR3W had very little chance of doing serious damage. "If someone really wants to attack and do some damage, they usually don't announce it," Tsantes points out. "We think the pre-announced attacks are really for probing and testing."
However, just by announcing an attack, a group can cause financial losses. "Do these attacks cause damage? No, not a lot," Tsantes says. "But banks and companies do have to divert resources and work with ISPs and help to prevent these attacks. There is a cost to that."
Financial institutions, which have been hit by much larger distributed denial of service (DDoS) attacks in recent months, are well prepared, Tsantes says. "Banks have geared up significantly for these attacks, but now banks need to have much more than just a robust perimeter. Understanding the wide range of threat actors, from small criminal groups, to activist groups, to state sponsored attacks, is important."
Financial firms also need to look out for internal threats and use data to help pinpoint anomalies. "We are seeing more attempts to compromise insiders, either to get them to go along with hacking activities, or trick them to put malware inside the company," Tsantes says. "Banks are working to pinpoint what normal behavior is, when anomalies occur, and when they do to quickly divert and shut down."
A simple example is a branch manager for a financial advisor who normally accesses about 10 customer files each day, but then suddenly starts accessing hundreds of files. "This is not normal behavior for this individual and it should be flagged immediately. We are certainly working with clients to use big data solutions to coordinate events from a variety of data sources to look for correlations and look for anomalies," Tsantes says.
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology.