The Petya cyber attack that began in Ukraine and other European countries Tuesday rapidly spread to businesses in the United States, putting financial institutions on high alert. The source of the attack seems to be software from a Ukrainian fintech company, MeDoc, which took responsibility late Tuesday for unleashing the virus through a recent software update, according to Fortune.
Perhaps the most disturbing aspect of the attack, from a financial institution's perspective, is that it originated in a third-party service provider, proving that hackers have identified one of the weak spots in the financial ecosystem. In their attempts to automate the mortgage process, banks and other financial institutions rely on third-party providers to deliver a wide range of services and often have dozens of integrations with these providers.
From the Fortune article:
MeDoc is a financial tech company that makes accounting software to help people and businesses process taxes. Security researchers said that hackers seemed to have breached the company's computer systems and compromised a software update that was pushed to its customers on June 22.
(If that apology seems to take a casual view of the crisis caused by the virus, it is only matched by the Ukraine government's response, which included the "This is fine" meme.)
After infecting Ukrainian banks, the cyber attack hit France’s biggest bank, BNP Paribas, through its real estate subsidiary. The property arm of the bank, which has operations in 16 countries, reacted quickly once the threat was detected, according to a spokesperson quoted by Reuters. "The necessary measures have been taken to rapidly contain the attack," she said.
From the Reuters article:
Earlier this year following a similar attack, many banks in Europe said they had stepped up efforts to shield themselves.
BNP Paribas set up a dedicated department in 2015 called Information Security and Information Systems and launched a "transformation program" to upgrade its security systems.
Now reports suggest that more banks, including U.S. banks, may have been compromised. Journalist David Gilbert reported that threat intelligence firm Recorded Future has received reports of victims in the U.S. and he mentions a banking trojan.
— David Gilbert (@daithaigilbert) June 27, 2017
Cybersecurity firm Kaspersky defines a trojan as a type of malware that is often disguised as legitimate software.
Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
It further delineates the threat from banker Trojans:
“Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems and credit or debit cards.”
Fortune has chronicled the spread of the ransomware attack and also offered one of the most succinct descriptions of what to do to protect your business before it’s been compromised. From Fortune:
There are a few simple steps businesses can take, as the cybersecurity firm Palo Alto Networks explains on its "threat brief" blog. First, apply Microsoft patch MS17-010. Second, block connections to Microsoft Windows' port 445, the part of the operating system associated with the vulnerable protocol. And finally, maintain regular data backups, and use them to restore systems.
Sounds simple enough, but the article also points out that critical processes — especially in manufacturing — are difficult to take offline, leaving the organization open to attack. Which explains why shipping giant Maersk was a prime target.
But what about banks? Regulators started warning about these vulnerabilities as early as 2012, and have repeated those warnings numerous times. But financial institutions have been slow to take the necessary actions, with one third of banks still failing to require their vendors to report a cyber breach in 2015, as cited by the New York Department of Financial Services.