What animal best conveys the cybersecurity threat to banking networks? It's an armadillo, according to Adrian Nash, head of security at BAE Systems Applied Intelligence, the UK-based company. "Networks are hard on the outside, but soft on the inside," Nash says. "So once an attacker gets onto a network, it is usually easy to get administration privileges and from there they can simply change some of the security settings, the firewalls rules and subsequently get into sensitive systems."

 

Nash was involved in identifying the malware and attack toolkit responsible for the US$81 million Bangladesh Bank heist, which is widely regarded as a "game-changer" in cybersecurity owing to its success in penetrating the carapace of the armadillo, to use Nash's analogy.

 

Another analogy that could be used is whack-a-mole because cyber-attacks are not only becoming more frequent, but the level of sophistication has grown dramatically. As Nash explains, whereas cyber-criminals used to target the customers of banks, they are now also attacking the bank networks directly.

 

"The groups that are doing this are quite skilled," he points out. "They are skilled at getting into organizations. They are skilled at remaining covert – not being detected by the security systems – and the key thing is getting administrator privileges in the system. Once you are an administrator in the organization, you can start disabling the security, the antivirus software. You can change the firewall rules. Crucially, in the high profile attacks we have seen this year, they are getting into payment systems and from there they are able to send transactions out and cover up the evidence as they are doing it.”

 

The attacks are becoming more complex and are conducted in stages in which different skills are needed. "You will have to have a team, essentially," Nash explains. "You have some people who are skilled at building the tool – some who build the infrastructure for the attack and some that are skilled at actually getting into the environment to get the administrative privileges. Then you will have people who are knowledgeable about the payment systems. These are all different people."

 

But there are further steps. "Once you have got the money out, you still have to do the money laundering. You still need to send the funds somewhere – maybe through a couple of hops – to someone who is going to launder that money. All of these more complex attacks require a team of people with different roles and responsibilities," he adds.

 

The main attacks currently are from the Russian-speaking countries and may operate on Russian-speaking forums where they exchange techniques and tools and possibly even victims. In the past year, there has also been a rise in West African groups who have been running sophisticated attacks. For example, they may replicate a CEO's email address and use it to send the finance team a fake message informing them confidentially that a large merger is underway and that they would shortly be contacted concerning the transaction details. The criminals may then masquerade as a lawyer and contact the finance team again instructing them to transfer a large sum to an account that they control.

 

It is a telling shift that BAE Systems, once a traditional defence company, is now a market leader in cyber-crime prevention and detection globally. BAE Systems realized in the mid-2000s that cyber- security would become a major trend so they invested in several companies to acquire expertise quickly. The Norkom acquisition in 2011, for example, brought financial crime and compliance software, which became the backbone of the anti-money laundering capabilities. Most recently it acquired SilverSky, a US cloud security company. The BAE Systems Applied Intelligence group has grown rapidly and now has a workforce of some 4,500.