Major bank hacks and the growth of the Internet of Things make the process essential

Although many of us use two-factor authentication (2FA) in some aspects of our security, a lot of people are slow to realize just how important it is – and how important it will be in the near future.

One growing and very concerning security problem is that of bank hacking. CNN reported earlier this month that, “North Korea-linked hackers are attacking banks worldwide,” and that “North Korea’s hacking operations are growing and getting more bold…increasingly targeting financial institutions worldwide.”

Banks in 18 countries were targeted, with the regime reportedly seeking funds for its military programs.


Also early in April came news of an ‘unprecedented’ hack of a Brazilian bank. The Russian security firm Kaspersky, which also investigated the North Korean hacks, documented what Wired described as “wholesale bank fraud, one that essentially hijacked a bank’s entire internet footprint.”


For five hours, online customers of the bank were rerouted to expertly reconstructed fake sites, where bank details were unwittingly entered. However, two-factor authentication, also known as 2-step verification, could have prevented the whole thing.

Kaspersky reported on NK and Brazil bank hacks. Source: Getty Images/CNN

‘Well beyond’ the username and password days

TechDigg spoke to the security firm Authy, which provides a free 2FA app for use with Facebook, Google and Dropbox among many others.

Authy believes attacks in markets like Latin America tend to be practice runs to go after the bigger targets in the US or Europe.

“It’s time for banks to wake up and accept that passwords alone aren’t sufficient for protecting either customer or employee accounts. Without two-factor authentication, it’s not a question of if, but when attackers will break through,” the company told TechDigg.

Authy explains that while the Brazilian bank attack was among the most sophisticated attacks to occur in recent times, it could have been prevented simply by implementing or activating two-factor authentication to secure access to the bank’s DNS accounts.

“If the thieves had never gotten control of the bank’s domain, the rest of the heist – the fake bank, the spearphishing, the account takeover, etc. – could never have happened,” said Authy, which provides 2FA to both individuals and businesses.

The company added that we are “well beyond” the days where security can be trusted to a static password and username. But that doesn’t mean the solution has to be over-complex.

In the case of the Brazilian bank attack, a simple one-time password (OTP) or push authentication could have alerted the DNS administrators to the fraudulent access before the cybercriminals got access to everything, experts noted.

The company told TechDigg that: “2FA dramatically improves upon traditional account security – a lone username and password – in adding an additional layer of authentication, delivered through a push notification, SMS, or voice call directly to the legitimate user’s device.

“This is important not just for the initial login, but step up security once a user gains access to an entire system and attempts to perform a high-risk action (such as changing the DNS infrastructure).”
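The step-up check described above, sketched as an added example (not code from Authy or from the original article): a standard time-based one-time password (TOTP, RFC 6238) gates a high-risk DNS change even after a password login has succeeded, and each code is accepted only once. The function names, the list of high-risk actions and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 SHA-1 test key), not a real credential.
SAMPLE_SECRET = b"12345678901234567890"

# Hypothetical set of actions that require a fresh second factor.
HIGH_RISK_ACTIONS = {"change_nameservers", "transfer_domain", "edit_dns_record"}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 and dynamic truncation (RFC 4226)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, submitted, now, used_counters, step=30, window=1):
    """Accept a code from the current step or +/- `window` steps, once only."""
    current = now // step
    for counter in range(current - window, current + window + 1):
        if counter < 0 or counter in used_counters:
            continue  # a time step that was already redeemed is never reused
        expected = totp(secret, counter * step, step)
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            used_counters.add(counter)
            return True
    return False


def authorize(action, session, otp, now, secret=SAMPLE_SECRET):
    """A password login alone is enough for low-risk actions only."""
    if not session.get("password_ok"):
        return "deny: not logged in"
    if action not in HIGH_RISK_ACTIONS:
        return "allow"
    if otp and verify_totp(secret, otp, now, session.setdefault("used", set())):
        return "allow: step-up passed"
    return "deny: step-up required"
```

A denied step-up attempt on a DNS action is also the event worth alerting on, since it means someone holding a valid password tried to change the domain without the second factor.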

2FA can thwart even sophisticated hacks
Hacks are increasingly sophisticated. Source: IB Times/Reuters

2FA and the Internet of Things

If increasingly sophisticated bank hacking is one concern that looms large on the horizon, then another is the growing Internet of Things (IoT).

Widely interconnected devices and services, including eventually most or all devices in the home, are a hugely helpful and exciting development, and should of course be no more feared than any other technological advancement.

It does, however, mean that as more things are online, connected and accessible, there are more entry points for hackers. Gaining entry through just one of those points could also mean access to vastly more information than it has in the past.

Using 2FA wherever possible closes off more and more entry points to potential attackers.


3 COMMENTS

  1. Good article, a lot of people are using the same silly password for everything, which is not a problem if they have some second stage of verification. I recently noted that the Microsoft way to do it is not working pretty well in some cases, one friend asked me to help him to set up the software in his smartphone and the email wasn’t asking for the code from the app, so there is a lot of work from all companies to get this running the right way.

    Here the banks I think are working on it a lot and sometimes it’s annoying the way of putting more than one password, but a needed thing these days for sure.

  2. I think that’s right, there has been some progress but nowhere near enough. I agree the perceived hassle of extra steps may be what’s putting some individuals and companies off, but those extra few minutes are obviously well worth it when you think about the potential consequences of having less secure accounts.

  3. The 2FA helps but you’d be wrong thinking you’re secure enough.
    My team see examples every day where a banking security Fob or SMS text carrying a one-time-passcode is either sidestepped or defeated.
    One example this week was a business which had their payment run tampered after it had been loaded up into the bank account. As the owner was entering the banking security Fob code he noticed the account number of the payee had been changed. What had happened is the hacker had already got one of the staff logins from a keylogger and was able to login to the bank and re-direct the creditor payment after it had been loaded up.
    My team’s installing BankVault so all banking will be through this dedicated machine from now on ensuring hackers can never get the bank login credentials. BankVaultOnline.com creates a pristine new machine each time they login ensuring no hacker can ever get their bank login credentials. They will continue to use their banking Fob as usual.
    So I agree 2FA is an important tool but it would be a mistake to think that is the end of the story.
