The FBI has recently begun issuing cyber alerts to keep our bankers apprised of potential cyber threats, including DDOS attacks.
Our last OBA Fraud Alert was one such alert, and you will notice most are technical in nature and, ultimately, belong in the hands of those in charge of your network security. Be assured we (and the FBI) are also including the outside service providers our banks engage for IT security in these conversations and warnings, so they are alerted as well. The DDOS (distributed denial of service) warning sent last week was for your network security personnel, and the included Excel sheet was a listing of IP addresses from which the attacks have originated.
We received an alert regarding an OP USA attack that is supposed to target financial institutions on or around May 7, 2013 (click here to view that alert). This flash alert suggests the FBI had a list of intended targets, but the list is not included in the advisory. In checking with FBI cyber, the OBA’s Elaine Dodd learned only one Oklahoma bank is on the list, and it has been made aware of that fact. Our security guru buddy, Brian Krebs, wrote about this today in his blog post, “DHS: OpUSA May Be More Bark than Bite,” where he shares his reasons to believe it will not be a major attack: http://krebsonsecurity.com/2013/05/dhs-opusa-may-be-more-bark-than-bite.
The end of the article links to a second alert, from the Department of Homeland Security, that explains another cause for concern: Brobot attack scripts. These are used to attack the login on financial institutions’ websites. The alerts (with the Excel list of IP addresses) and a more detailed piece from the Department of Homeland Security explain how you can use the hard-coded string as a signature to detect and block attacks from the Brobot botnet. We should note there is an Excel attachment from the FBI and, yes, it is a real link on which you can click; we had not clarified that before and had questions. The good news is you are really paying attention out there!
As you can already see, we are getting sound, detailed information on cyber issues from the FBI and DHS on an almost daily basis. In the past, we have tried to limit the number of OBA Fraud Alerts to increase impact for the most important issues. For that reason, and to better direct cyber information, we would like to create a subset list for cyber alerts that goes out only to network security personnel. If you engage outside service providers for this, they will be on our list as well as the FBI’s. If you have in-house IT security personnel you want to receive cyber alerts, let me know at firstname.lastname@example.org and we will compile that list for the push email cyber alerts.
Finally, as a round-up clarification on another topic, I want to share a mitigation technique one of our banks has used to limit the casino losses being encoded as POS (point of sale) transactions. This bank has a default card limit on POS transactions of $2,500 per day, and the authorization process checks the account balance. Its initial losses stemmed from authorizations or ATM/financial transactions conducted in stand-in mode during nightly processing. It instituted a Visa rule stating “daily between 2 a.m. and 4 a.m. MT, decline authorizations for MCC 4829 originated in OK to $100 (>=$101).” The bank is finding nightly processing is not always conducted during this time frame and plans to expand the window in which funds are limited to 10 p.m. to 6 a.m.
In the spirit of Oklahoma bankers always helping each other on fraud issues, the bank was kind enough to share this in the hope that it can help others. If this does not go far enough to help, or your issues have been of a different nature, let us know and we’ll inquire further.
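The time-window rule quoted above, and the planned 10 p.m. to 6 a.m. expansion, sketched as an added example (not the bank's or Visa's actual rule configuration) to show that a window crossing midnight needs different matching logic than the 2 a.m. to 4 a.m. one. The class name, the fixed UTC-6 offset, the exclusive window end and the sample transactions are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Assumption: fixed UTC-6 (Mountain Daylight Time) suits the constructed May
# samples; a production rule engine would use a full time zone database.
MOUNTAIN = timezone(timedelta(hours=-6))


@dataclass(frozen=True)
class WindowRule:
    mcc: str
    state: str
    start: time            # window start in Mountain Time (inclusive)
    end: time              # window end in Mountain Time (exclusive, assumed)
    decline_at_cents: int  # decline when the amount is >= this value

    def in_window(self, local: time) -> bool:
        if self.start <= self.end:
            return self.start <= local < self.end
        # Window crosses midnight (22:00 to 06:00): match either side of it.
        return local >= self.start or local < self.end

    def decision(self, mcc: str, state: str, cents: int, when: datetime) -> str:
        local = when.astimezone(MOUNTAIN).time()
        hit = (mcc == self.mcc and state == self.state
               and self.in_window(local) and cents >= self.decline_at_cents)
        # CONTINUE means the normal limit and balance checks still apply.
        return "DECLINE" if hit else "CONTINUE"


# The quoted rule (>= $101 declines) and the planned wider window.
RULE_2_TO_4 = WindowRule("4829", "OK", time(2), time(4), 10100)
RULE_10_TO_6 = WindowRule("4829", "OK", time(22), time(6), 10100)


def utc(hour: int, minute: int = 0) -> datetime:
    """Constructed sample timestamp on 2013-05-07, in UTC."""
    return datetime(2013, 5, 7, hour, minute, tzinfo=timezone.utc)


if __name__ == "__main__":
    samples = [("03:00 MT $500", 50000, utc(9)),
               ("03:00 MT $100", 10000, utc(9)),
               ("05:30 MT $500", 50000, utc(11, 30)),
               ("23:00 MT $500", 50000, utc(5))]
    for label, cents, when in samples:
        print(label, RULE_2_TO_4.decision("4829", "OK", cents, when),
              RULE_10_TO_6.decision("4829", "OK", cents, when))
```

A plain `start <= t < end` comparison never matches once the window is widened to 22:00 through 06:00, which would silently disable the limit; the 05:30 and 23:00 samples exercise that case.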