Thousands of credentials stolen from a single payment processor (Includes interview)

ZDNet recently published an article covering the impact of the Ursnif Trojan, which targeted over 100 Italian banks and stole in excess of 1,700 credentials. Ursnif, a form of malicious code, is usually spread via phishing emails.

According to Casey Ellis, Co-founder, Chairman and CTO of Bugcrowd, this incident has highlighted the criticality of getting ahead of malicious adversaries. Ellis outlines the implications of the case to Digital Journal.

Ellis says that the disruption caused by COVID-19 has not helped the situation: “The pandemic has forced the financial service industry to accelerate digital transformation at a faster rate than most verticals to accommodate bank branch closures and other business process changes.”

He adds: “More so, the rapid changes that hit the industry in 2020 left many organizations without a clear idea of what Internet-accessible assets they have exposed, who is responsible for them, or even what their purpose is. The industry’s rapidly expanding attack surface acts as an open invitation for adversaries – like Ursnif – to attack, as banks and financial institutions hold some of the largest collections of sensitive, private and valuable information in the world. In fact, a recent report found that 9 leading U.S. financial companies had over 6,000 expired TLS certificates, which indicates a lack of clear visibility into overall IT management hygiene. To further complexify matters, the cybersecurity scope of IT teams has greatly broadened in the past 12 months due to many employees working from their own, less secure home networks.”

In terms of the specific incident of concern, Ellis expands: “With over 1,700 sets of credentials stolen from a payment processor in one case alone, this incident highlights the criticality of getting ahead of malicious adversaries. Speed is the natural enemy of security and the best way to improve any organization’s cybersecurity posture and beat attackers is by thinking like one.”

On the appropriate remediation actions, Ellis says: “In fact, many organizations around the world are already recognizing the potential of the threats they face and are leaning into the benefits of vulnerability disclosure programs (VDPs) and bug bounty programs. Such programs allow internal security teams to leverage the talents of external cybersecurity researchers, to help counter and proactively identify vulnerabilities before they are inevitably exploited by adversaries.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
