Banks may need threat teams to fight the next wave of SWIFT-style attacks

Almost two-thirds of financial institutions have yet to form threat hunting teams — a growing necessity as the number of high-profile attacks rises.

That statistic comes from a recent report from Carbon Black, which recommends that financial institutions set up threat hunting teams to look for anomalies on the company’s networks. This could help them detect adversaries present on the network before they are able to do serious damage.

The latest attacks targeted Latin American banks, Banco de Chile and Mexico’s Bancomext, and in each case the thieves used the SWIFT payment system to steal the equivalent of millions of dollars. In both cases, the theft was followed by destructive malware, a common technique in the more advanced cyberattacks and one that has the double benefit of distracting the affected company’s security team and removing digital traces left behind by the attackers.

What made these attacks stand out is that they were believed to have been performed by the Lazarus Group, a threat actor linked to the North Korean government.

North Korea has been notorious for a number of high-profile and damaging cyberattacks in recent years — the 2017 WannaCry attack perhaps the most famous — and there have thus far been no signs of decreased cyberactivity from the country following the recent Trump-Kim summit.

But even if that were to happen, there is the sobering fact that there have been many cyberattacks performed by ordinary criminal groups, some of them very advanced and whose activities frequently result in large losses.

Speaking to the CyberWire podcast, Carbon Black’s Tom Kellermann said that most of the financial institutions are more concerned about such destructive attacks than they are about ransomware — which is also destructive, yet which at least provides a possible way out.