6point6 Prep Document
Data manipulation
Data manipulation is, simply put, the changing of data. This form of attack
is used by criminal elements or other threat actors to compromise the integrity of
the bank’s ability to do business with both individual customers and other
businesses, such as shops. This type of data manipulation shall be referred to as
hostile data manipulation.
Data manipulation can harm banks in various ways: while the outright stealing of
data is easily noticed, data manipulation is not so easily noticed. This means that
it can potentially cause more damage, as data manipulation could impact not only
short-term operations but long-term ones as well, potentially changing the course
of the impacted bank. And if it occurs, the data manipulation is treated as a
violation of GDPR, leading to large fines, with the average data breach in the UK
costing 3.33 million pounds.
A common source of data manipulation is a former employee who might have taken
dismissal poorly, as happened with Tesla in 2018, where an employee both stole
and sabotaged gigabytes of Tesla data.
Countering CSRF
Since CSRF can bypass the most common cyber-security methods, a more tailored
method is needed: the synchroniser token method. Before this is done, use a CSRF
scanner to see if the website in question is vulnerable to CSRF.
The synchroniser token method works as follows:
- The web server generates a token and stores it.
- The token is set as a hidden form field.
- The form is submitted by the user.
- The token is included in the POST request data.
- The application/website will compare its own token with the one sent in the
request.
- If the tokens match, the request is considered valid; if they don’t, the request
is rejected.
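The steps above as a minimal server-side sketch. This is an added example, not part of the original document; the in-memory SESSIONS store, the /transfer form and the csrf_token field name are assumptions made for illustration.

```python
import hmac
import secrets
from html import escape

# Hypothetical in-memory session store: session id -> CSRF token.
SESSIONS = {}

def issue_token(session_id):
    """Step 1: generate an unpredictable token and store it server-side."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token

def render_transfer_form(session_id):
    """Step 2: embed the token as a hidden field in the form."""
    token = issue_token(session_id)
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input name="amount"><input name="payee">'
        '<button>Send</button></form>'
    )

def handle_post(session_id, form):
    """Steps 3-6: compare the submitted token with the stored one.

    Returns an HTTP-style status: 200 if accepted, 403 if rejected.
    """
    expected = SESSIONS.get(session_id)
    submitted = form.get("csrf_token", "")
    # A missing stored token or a missing field must fail, never match.
    if not expected or not submitted:
        return 403
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    # Single use: discard the token so a captured value cannot be replayed.
    SESSIONS.pop(session_id)
    return 200

if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    render_transfer_form(sid)
    good = SESSIONS[sid]
    print("no token :", handle_post(sid, {"amount": "10"}))
    print("bad token:", handle_post(sid, {"csrf_token": "guess"}))
    print("good     :", handle_post(sid, {"csrf_token": good}))
```

A cross-site request carries the victim's session cookie but cannot read the hidden field, so it fails the comparison.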
Banking Trojans
Banking trojans are pieces of malware that attempt to steal financial information
from a financial institution or steal individuals’ credentials. This is done by
attempting to spoof the website of the victim's bank. They are delivered and function
like normal trojans.
Once these banking trojans have control over one or more of your customers'
accounts, there could be no end to what could happen without immediate
intervention, from draining the accounts of all funds to using them for illegal
purposes or to launder money.
These theoretical scenarios have come true with the Gozi/RATBANK and
Sharkbots incidents in 2015 and 2021, respectively.
Gozi was a key piece of the framework for e-payment and commerce, which had
its source code leaked, which led to a multitude of accounts being compromised, some
of which held as much as 1.5 million euros. Due to the criminals' ability to navigate
the internal banking systems and evade much of the 2FA used for authentication,
along with a host of phishing schemes, they were able to take over and control over
200 identified accounts.
Sharkbots was the name given to an Android-based banking trojan, which was able
to initiate money transfers via the ATS (Automatic Transfer Systems) and to
bypass MFA (Multifactor Authentication). It also had the capability to launch
overlay attacks, stealing both login information and credit card information, as well
as to hide and suppress legitimate communication from the actual bank.