Managed Detection and Response, Security Trends/Attacks
Todd Thiemann

Banking, Malware Mischief, and Managed Detection

Security journalist Brian Krebs recently brought to light two compromises at the National Bank of Blacksburg in Virginia. The bank fell to two successful phishing attacks in eight months, and more than $2.4M was stolen as a result. This kind of episode is not unusual for the financial services industry; what makes it particularly interesting are the details that have come to light through a lawsuit over cyber insurance payouts (or the lack thereof).

In addition to the $2.4M in theft, the bank has incurred nearly $500K in investigation, remediation and legal expenses, according to the bank's 10-K filed with the SEC. The bank has so far avoided any consumer or shareholder lawsuits.

The attacks appear to have originated in Russia, according to Verizon, which was hired to investigate the second attack in 2017. Verizon's forensic experts concluded that the tools and servers used in the second attack belonged to the same group that had struck eight months earlier. Financial institutions see frequent brute-force attacks against their external systems, but this was not one of them: the intrusion began with a phishing email to a bank employee carrying a malware-laden Microsoft Word document, which gave the attackers a foothold inside the bank's network.
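The lure here was an ordinary Word document, which is exactly the kind of attachment a mail gateway or endpoint control should judge by its contents rather than by its file extension. The following is an added example, written for this article and not code from the original post, from the bank, or from Verizon's investigation. It triages Word attachments by inspecting the container: Office Open XML files are zip packages, and any VBA code in them lives in a binary part conventionally named vbaProject.bin, while legacy binary .doc files are OLE2 containers that need a full OLE parse before macro presence can be ruled out. The quarantine policy, the function names and the sample attachments are all assumptions constructed for this example.

```python
"""Content-based triage of Word attachments (added example, not the post's code)."""
from __future__ import annotations

import io
import zipfile

# Legacy binary Office files (.doc, .xls, .ppt) are OLE2/CFB containers with this header.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Office Open XML files (.docx, .docm, ...) are zip packages; first local file header.
ZIP_MAGIC = b"PK\x03\x04"


def classify_office_bytes(data: bytes) -> str:
    """Classify an attachment by its bytes, ignoring the filename entirely.

    Returns one of:
      'ooxml-macro'  - Office Open XML package that embeds a VBA project
      'ooxml-clean'  - Office Open XML package with no VBA project part
      'ole-binary'   - legacy binary Office container (may hold VBA; needs a full OLE parse)
      'other'        - not an Office document this check recognises
    """
    if data.startswith(OLE_MAGIC):
        return "ole-binary"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "other"
    # Every OOXML package carries a content-types manifest at the package root.
    if "[Content_Types].xml" not in names:
        return "other"
    # The VBA project part name is a convention, so match it case-insensitively
    # anywhere in the tree rather than only at word/vbaProject.bin.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"


def triage_attachment(filename: str, data: bytes) -> tuple[bool, str]:
    """Decide whether to quarantine an attachment and say why.

    Policy (assumed for this example): block anything carrying a VBA project, block
    legacy binary Office files because macro presence cannot be ruled out here, and
    block extension/content mismatches such as a '.docx' whose bytes are not Office at all.
    """
    kind = classify_office_bytes(data)
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if kind == "ooxml-macro":
        if ext in ("docx", "xlsx", "pptx"):
            return True, f"macro project inside a '.{ext}' file (extension/content mismatch)"
        return True, "attachment contains a VBA project"
    if kind == "ole-binary":
        return True, "legacy binary Office format; cannot rule out VBA without a full OLE parse"
    if kind == "other" and ext in ("doc", "docm", "docx"):
        return True, f"'.{ext}' extension but content is not an Office document"
    return False, "no macro project found"


def _build_package(parts: dict[str, bytes]) -> bytes:
    """Construct a minimal OOXML-style zip in memory (sample input, not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in parts.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample attachments so the example runs stand-alone.
CLEAN_DOCX = _build_package({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})
MACRO_DOCM = _build_package({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x00" * 64,  # placeholder standing in for a compiled VBA project
})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 504  # header of a binary .doc, body elided
PLAIN_ZIP = _build_package({"readme.txt": b"not an office file"})

if __name__ == "__main__":
    samples = [("invoice.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCM),
               ("invoice.docx", MACRO_DOCM), ("invoice.doc", LEGACY_DOC),
               ("archive.zip", PLAIN_ZIP)]
    for name, blob in samples:
        print(name, triage_attachment(name, blob))
```

The point of the check is that the filename is attacker-controlled and the container is not: a macro-bearing package renamed to .docx still has a vbaProject.bin part inside it. For legacy binary .doc files this check only recognises the format; deciding whether such a file actually carries VBA requires parsing the OLE streams, which is what tools such as oletools do.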

The bank is now in court because its cyber insurance policy is not paying out as it expected. The bank argues that the entire loss should be covered; its carrier, Everest National Insurance Company, maintains that only $50K of the $2.4M is covered.

One takeaway from this episode is to consult an insurance specialist when structuring a cyber insurance policy, so that the coverage limits match the losses the business can actually suffer. Looking at the bigger picture, however, it also illustrates the challenges mid-sized financial institutions face in detecting and responding to cyberthreats when they lack the resources and security expertise to do so in-house.

Regional banks and credit unions typically cannot afford a 24×7 security operations center (SOC) staffed by eight to twelve security analysts. Instead, they turn to managed services for continuous monitoring, threat detection and response to counter these sorts of attacks. That is one reason industry analyst firm Gartner expects adoption of managed detection and response (sometimes called "SOC-as-a-service") to triple between now and 2020.

To learn more, download Gartner’s recent market guide on MDR.