Analysis and Benefit to Banking Industry
Our research and analyses have yielded three key pieces of intelligence:

- Using text analysis models, incoming emails can be scanned to determine if they are phishing or legitimate.
- Using classification models, network traffic can be scanned to determine if it is malicious or legitimate.
- Using IP location services, URLs can be scanned to determine if they are located in a high-risk country.

The banking industry is particularly vulnerable to attacks that may expose customer data or otherwise cause the general public to lose faith in a bank or in the banking system at large. The key insights and intelligence we’ve gleaned via our analyses could apply to any industry: all industries could be exposed to phishing emails, malicious URLs, and malicious network traffic. These are rather universal themes. However, the banking industry is in a particularly vulnerable situation as it relates to almost any cyber attack; faith in the banking system is contagious, and loss of faith in the banking system can be disastrous for entire nations, or the entire global economy.
Viewed through this lens, common attack vectors like phishing emails and malicious URLs become increasingly important in the banking industry. It is simply of paramount importance for banks to get these basics down pat: stop phishing emails, prevent users from visiting malicious URLs, and detect malicious network traffic ASAP. These activities should be part of a holistic cybersecurity plan.
Through the analysis performed, our team is now able to identify phishing emails, identify intrusions via network traffic, flag the content of emails as suspicious, and identify certain URLs as high risk based on IP location.
As discussed elsewhere on this site, the banking industry is particularly susceptible to attacks using phishing, malware, and ransomware. Banks hold sensitive customer information, and may fall victim to ransomware because attackers know that banks might pay the ransom to maintain their customers’ trust. In addition, a loss of consumer confidence in one bank may have a cascading effect which may hit other banks, and ultimately affect the entire banking system. Email and web browsing by bank employees are common vectors for these attacks – a click on a phishing email may introduce ransomware and compromise the entire bank.
Through our analyses, banks can deploy our classification models to identify and block phishing emails before they are presented to an employee. Similarly, our network intrusion classification model can help to identify when an intrusion has occurred, so it can be stopped immediately.
In addition to the classification models, we have also run analyses on other datasets to identify some attributes of phishing emails and malicious URLs.
Text analysis of the phishing emails indicated that words like ‘enron’, ‘phishing’, ‘information’, ‘business’, ‘university’, ‘safe’, and ‘money’ may indicate a phishing email.
Geographic analysis of malicious URL location via IP indicates that URLs in the UK, Netherlands, Brazil, Russia, and Australia may be high risk, and the bank should apply additional controls to URLs from these countries.
Given the importance of data within the bank’s walls, and the likely attack vectors (email and web), these additional analyses can help the bank apply some qualitative controls on employee email and browsing activity in addition to the machine learning models previously discussed. Together, these analyses offer powerful insights which can make a material difference in the cybersecurity of the banking system.
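One way to layer the keyword and country findings above on top of a classifier score as a qualitative control. This is an added example, not code from our analyses: the `triage` function, its thresholds, the `model_score` input and the `SAMPLE_GEO` lookup table (a constructed stand-in for an IP location service) are all assumptions.

```python
import re
from urllib.parse import urlparse

# Indicator words and countries are the ones listed in the text above.
INDICATOR_WORDS = {"enron", "phishing", "information", "business",
                   "university", "safe", "money"}
HIGH_RISK_COUNTRIES = {"GB", "NL", "BR", "RU", "AU"}  # UK, NL, Brazil, Russia, Australia

# Constructed sample data standing in for an IP location service (host -> country).
SAMPLE_GEO = {"login.example.test": "NL", "intranet.example.test": "US"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def indicator_hits(text):
    """Whole-word matches only, so 'unsafe' does not count as 'safe'."""
    tokens = set(re.findall(r"[a-z]+", text.lower()))
    return sorted(tokens & INDICATOR_WORDS)

def url_countries(text, geo_lookup):
    """Map each linked host to a country code, or None if it cannot be located."""
    found = {}
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host:
            found[host] = geo_lookup(host)
    return found

def triage(text, model_score, geo_lookup=SAMPLE_GEO.get,
           block_at=0.9, review_at=0.5):
    """model_score is the classifier's phishing probability (hypothetical input).

    The keyword and country signals only escalate a message to review; they
    never block on their own, since both are weak indicators.
    """
    words = indicator_hits(text)
    countries = url_countries(text, geo_lookup)
    risky = sorted(h for h, c in countries.items() if c in HIGH_RISK_COUNTRIES)
    unresolved = sorted(h for h, c in countries.items() if c is None)
    if model_score >= block_at:
        action = "block"
    elif model_score >= review_at or risky or unresolved or len(words) >= 3:
        action = "review"
    else:
        action = "deliver"
    return {"action": action, "words": words,
            "risky_hosts": risky, "unresolved_hosts": unresolved}
```

A host that the location lookup cannot place is sent to review rather than delivered, so a lookup failure does not silently bypass the country control.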