Anne-Claire

Marketing digital

L’article Businesses Cybersecurity Barometer est apparu en premier sur Lybero.

Each year the Clusif (https://clusif.fr), the French information systems security club, offers a general presentation of the state of cybersecurity over the previous year. This year the program was very dense and interesting. 14 very good presentations that you can find on the Panorama page of the Cybercrime of clusIF.

The presentation on the attacks faced by the banks in 2018 by Gérôme Billois of Wavestone caught my attention. You can see it here.

3 different attacks were detailed. These are the attacks “Darkvihnya Attack”, “Bank of Chile” and “Cosmos Bank”.

In the case of “Darkvihnya Attack”, what has been done is the connection of several malicious devices directly to the bank network. Once the devices are connected, they are used to expand the bank’s network and then to gain access to the IT infrastructure from the outside. Malware is then used to make transfers to third-party accounts. It is therefore first of all a physical access that then allows access to IT. The attack involved 8 banks in Eastern Europe.

Countering this type of attack is possible: a well-configured network and detection of unusual equipment can detect the attack early. However, there is a need for sufficient teams, appropriate hardware and software. The fact that these attacks were carried out in different banks geographically close to them indicates a problem of lack of a localized cybersecurity culture.

The second attack is that of “Bank of Chile”. The method is very different, the attackers have managed to infect machines with malicious code. This code was destroying the machines. IT teams focused on crisis management. Meanwhile, hackers were operating quick wire transfers. A typical diversionary strategy. I see very little way to fight such an attack. The only solution is to have a team dedicated to crisis management but completely detached from the operational monitoring teams.

The latest attack is that of “Cosmos Bank” an Indian bank. The bank’s internal infrastructure has been infected with malware. It was possible to install a server that was in dialogue with the ATMs instead of the normal infrastructure. When distributors asked if money could be withdrawn, the answer was always yes. In 2 days more than 10 million euros have been withdrawn in many countries with cloned cards.

All these attacks are very sophisticated, requiring not a hacker but entire teams of people, who have the time and the opportunity to study banking systems, or to learn about them. It’s hard to imagine small hacker organizations succeeding in doing this, these are much more important means that are put at stake.

The fact that after several years, it is possible to identify these organizations and the people working there was highlighted in the presentation “Geopolitics and attribution” of Loïc GUÉZO of Trend Micro France. All hope is not lost.

Valérie Respaut

L’article #PANOCRIM 2018 – The Bank – Smarter Attacks est apparu en premier sur Lybero.

Lybero.net is a specialist in web-based information encryption. But after all, why is it necessary to encrypt? A computer’s operating system and applications offer isolation methods to prevent access to information from people who are not entitled to it. What else does encryption bring?

The first reason is technical. The insulation provided by the operating system, applications or databases is fundamentally illusory. If you follow the technical news, you hear regularly about computer flaws, programs, operating systems, protocols or hardware.

These flaws are tenuous, it only takes very little to have a fault. To illustrate this, consider the bug that led to the destruction of the first Arianne 5 rocket. The wikipedia article details this bug. In summary, a variable representing acceleration was coded to 8 bits when it should have been coded to 9 bits. Only one bit led to the destruction of the rocket after 37 seconds.

This type of code instability is both very common (this is the definition of a bug) and at the same time very surprising, intellectually. We are deceived by our physical intuition, such instabilities are rare (even if they exist) in our sensory world.

Not only is the software susceptible to infinitesimal error, but also the digital hardware. The Spectre attack and now the whole family of associated attacks are related to processor architecture.

It is therefore necessary to be able to protect the computer data despite the software and despite the hardware. That is, use something else. The other thing is mathematics, and mathematics for data protection is cryptography.

Valérie Respaut

L’article Why do we have to encrypt the information? est apparu en premier sur Lybero.