Banks often ignore the early signs of impending cyber attacks, according to an Australian bank’s head of cybersecurity.
Banks should look to spam emails and their own server errors as a source of information, says Nicholas Scott of National Australia Bank (NAB), speaking at the RSA Conference Asia-Pacific in Singapore.
“These signs are all there. They’re probably sitting in half of your systems today, but you’re ignoring either as anomalies or errors, or you’re ignoring them because it’s spam and it’s annoying,” said Scott, in a report by ZDNet. “It’s there; you’ve just got to look for the information.”
Spam is a “gold mine”, Scott said. Scott claimed to own 15 fake online businesses as a “honeypot” to collect attack data, as reported by IT News.
“We mine it and go, ‘Oh, look at that, CitiBank, Bank of America, and JP Morgan are starting to be phished, and there’s a new payload.’ I can tell you now, that payload is coming to me in the next month or two,” said Scott. Scott advised that businesses keep a record of spam and use the information to tweak systems in advance of attacks.
Scott also says that banks should watch for online forms being filled in suspiciously quickly, or in the wrong order – as this can be an early warning of attackers performing reconnaissance against their systems.
“If I was expecting five fields to come back and six fields get posted, I immediately want to go and freeze the account of that customer, because that customer is being owned,” said Scott. Server errors can also offer information on attackers’ plans.
“Please don’t throw the errors away. Collect them and have a look at them, because I think you’re in for a bit of a surprise. You’ll actually find that these errors are people trying to do things that your system doesn’t recognise, and it’s the first sign that they are trying to do something.”
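The form checks Scott describes (unexpected fields, suspiciously quick submission, wrong order) can be expressed as a server-side check like the one below. This is an added example, not code from NAB or the original report; the field names, the three-second threshold and the use of request-body order as a proxy for fill order are all assumptions.

```python
"""Flag form submissions that look scripted or tampered with (added example)."""
from dataclasses import dataclass

# Assumed definition of a five-field payment form; names are hypothetical.
EXPECTED_FIELDS = ["payee", "bsb", "account", "amount", "reference"]
MIN_FILL_SECONDS = 3.0  # assumed floor for a human filling five fields


@dataclass
class Submission:
    posted: dict          # field name -> value as received by the server
    rendered_at: float    # server time the form was served (epoch seconds)
    submitted_at: float   # server time the POST arrived
    posted_order: list    # field names in request-body order (assumed proxy)


def check_submission(sub, expected=EXPECTED_FIELDS, min_seconds=MIN_FILL_SECONDS):
    """Return a list of anomaly labels; an empty list means nothing unusual."""
    flags = []
    extra = sorted(set(sub.posted) - set(expected))
    missing = sorted(set(expected) - set(sub.posted))
    if extra:
        flags.append("unexpected_fields:" + ",".join(extra))
    if missing:
        flags.append("missing_fields:" + ",".join(missing))
    elapsed = sub.submitted_at - sub.rendered_at
    if elapsed < min_seconds:
        flags.append(f"too_fast:{elapsed:.1f}s")
    # Compare order only over the fields the form actually defines.
    known_order = [f for f in sub.posted_order if f in expected]
    if known_order != [f for f in expected if f in known_order]:
        flags.append("wrong_order")
    return flags


# Constructed sample submissions, not real traffic.
NORMAL = Submission(dict.fromkeys(EXPECTED_FIELDS, "x"), 1000.0, 1042.0,
                    list(EXPECTED_FIELDS))
TAMPERED = Submission(
    {**dict.fromkeys(EXPECTED_FIELDS, "x"), "extra_note": "1"},
    1000.0, 1000.4,
    ["amount", "payee", "bsb", "account", "reference", "extra_note"],
)

if __name__ == "__main__":
    for name, sub in (("normal", NORMAL), ("tampered", TAMPERED)):
        print(name, check_submission(sub) or "ok")
```

Any non-empty result is a candidate for the kind of account review Scott mentions; the labels can also be logged alongside server errors so both signals are kept rather than discarded.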
Author Rob Waugh, We Live Security