
A brute force PIN cyber attack is a new technique used by cyber criminals, similar to a password brute force attack. Because PINs are easier to break due to their limited length, brute forcing them through cyber channels is quite easy, especially if the bank’s basic security controls are weak. Inadequate processes and unmanaged changes further weaken the controls, even if they existed earlier.

So is there a different approach to protecting banks from brute force PIN cyber attacks? Security experts agree that cyber security measures are more or less the same in any attack scenario, but the focus areas and priorities during an incident or an emerging or spreading threat need to be handled differently. Prioritizing actions according to attack technique and scope is the key to preventing potential breaches.


How to protect your organization from Brute Force PIN Cyber Attack?

Brute Force PIN Cyber Attack Prevention – Priority P1 (Immediate)

  1. Monitor and review significant transactions through all channels (especially on e-channels). Ensure relevant security controls on all e-channel logins and operations.
  2. Closely monitor all traffic, data flows and systems related to external services.
  3. Keep a close eye on all external access and on server, application and network logs.
  4. Monitor all outgoing traffic, and keep a close eye on those with attachments.
  5. Review all the external penetration tests and vulnerability assessment reports to get the gaps closed.
  6. Run vulnerability scanning to ensure that no significant gaps exist.
  7. Diligently review and monitor all account creations, access changes, and successful and failed logins. Review on a regular basis, and investigate suspicious ones in a thorough manner. Focus on the access from outside channels.
  8. Examine the security patch installation status, and make sure that all critical patches are installed and maintained in an organized manner, with necessary precautions.
  9. Collect any further threat intelligence about this particular incident, and review the relevant areas, and address the gaps on an emergency basis.
  10. Make use of any threat intelligence relevant to your industry or unique to your organization.
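
Items 1 and 7 above call for reviewing failed logins across all channels. The following Python code is an added example, not part of the original article: it flags accounts with repeated PIN failures in a short window and, separately, sources that fail against many different accounts (a pattern per-account lockout alone does not catch). The log format, field names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time channel source account result
SAMPLE_LOG = """\
2024-03-01T09:00:00 ebanking 192.0.2.5 ACC3001 FAIL
2024-03-01T09:30:00 ebanking 192.0.2.5 ACC3001 FAIL
2024-03-01T10:00:00 ebanking 192.0.2.5 ACC3001 FAIL
2024-03-01T10:01:00 mobile 198.51.100.20 ACC1001 FAIL
2024-03-01T10:01:40 mobile 198.51.100.20 ACC1001 FAIL
2024-03-01T10:02:10 mobile 198.51.100.20 ACC1001 FAIL
2024-03-01T10:05:00 ebanking 203.0.113.7 ACC2001 FAIL
2024-03-01T10:05:05 ebanking 203.0.113.7 ACC2002 FAIL
2024-03-01T10:05:10 ebanking 203.0.113.7 ACC2003 FAIL
2024-03-01T10:06:00 ebanking 192.0.2.5 ACC3001 OK
"""

WINDOW = timedelta(minutes=5)   # assumed review window
MAX_FAILS_PER_ACCOUNT = 3       # assumed threshold: failures on one account
MAX_ACCOUNTS_PER_SOURCE = 3     # assumed threshold: accounts hit by one source

def parse(log):
    for line in log.strip().splitlines():
        ts, channel, src, account, result = line.split()
        yield datetime.fromisoformat(ts), channel, src, account, result

def detect(log):
    """Return (accounts under repeated guessing, sources hitting many accounts)."""
    by_account = defaultdict(deque)  # account -> recent failure timestamps
    by_source = defaultdict(deque)   # source  -> recent (timestamp, account)
    guessed_accounts, spraying_sources = set(), set()
    for ts, _channel, src, account, result in sorted(parse(log)):
        if result != "FAIL":
            continue
        acc_q = by_account[account]
        acc_q.append(ts)
        while ts - acc_q[0] > WINDOW:      # drop failures outside the window
            acc_q.popleft()
        if len(acc_q) >= MAX_FAILS_PER_ACCOUNT:
            guessed_accounts.add(account)
        src_q = by_source[src]
        src_q.append((ts, account))
        while ts - src_q[0][0] > WINDOW:
            src_q.popleft()
        if len({a for _, a in src_q}) >= MAX_ACCOUNTS_PER_SOURCE:
            spraying_sources.add(src)
    return guessed_accounts, spraying_sources
```

On the sample data, ACC3001 is not flagged because its three failures are spread over an hour, while 203.0.113.7 is flagged even though no single account it touched saw more than one failure.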

Brute Force PIN Cyber Attack Prevention – Priority P2 (Short Term)

  1. Carry out comprehensive penetration testing and vulnerability assessment on all external-facing systems as a priority, and make sure that you close the findings/gaps in a timely and efficient manner.
  2. Review and retest whenever a significant change takes place in the systems or environment, or after closing the security findings, and make sure controls are still intact.
  3. Have alternative or possible mitigating controls, where more appropriate recommended controls are not easy to implement or need more time and investments.
  4. Make sure all changes are reviewed for security risks, and also conduct a security review after the change is implemented.
  5. Have an inventory of all external-facing services and carry out a thorough risk assessment on all the outward services.
  6. Enable Dual Factor or similar authentication (as a minimum) for all external access by your staff or customers.
  7. Always send a notification (SMS/Email) to your clients after any transactions or changes/activities on their account.
  8. Run a compromise assessment on all external-facing systems and devices to detect past breaches.
  9. Ensure that all new projects/products undergo a security review and ratification before initiating.
  10. Ensure that all new application and system development follows the Secure SDLC (System Development Life Cycle) Policy.

Brute Force PIN Cyber Attack Prevention – Priority P3 (Medium/Long Term)

How to be an effective CISO for your organization? 

  1. Establish an effective Information Security Organization structure, with the right authority levels and executive support.
  2. Have a well-defined Information Security Strategy and policy framework addressing all business areas and risk domains.
  3. Develop an inventory of all business and support services and processes, assets, and connectivity.
  4. Develop a high-level diagram that represents all external services, access, open ports and data flow.
  5. Assess all the risks associated with the listed internal and external exposed services, including Red Team assessment.
  6. Deploy appropriate and efficient controls (Technology, procedural and people levels of controls) in alignment with basic security principles like Multilevel defense, least privilege, and need to have.
  7. Identify, classify, monitor and manage all the systems and data owned by the organization.
  8. Ensure a centralized and well-managed access management setup, utilizing the latest IDAM (Identity and Access Management) solution. Access provisioning and de-provisioning must follow least privilege principles.
  9. Establish a fool-proof monitoring setup, with an appropriate SIEM (Security Incident and Event Management) solution.
  10. Obtain threat intelligence services from various internal and external sources. It should be compiled and correlated, applicable to your kind of business and specific to your organization.

 


About the Author

Illyas Kooliyankal is a well-known Cyber Security Expert, currently working as the CISO at a prominent bank in UAE and serving as Vice President of ISC2 (UAE Chapter). He has won many international awards, including the IDC Middle East CISO Award, ECCouncil (USA) Global CISO Award (Runner-Up), ISACA CISO, and Emirates Airlines CISM Award. He is a well-received keynote speaker at many international conferences in the USA, UK, Singapore, Dubai, etc.

Disclaimer:

Secure Reading(SR) has no confirmed sources for the information shared in the above news/articles. It relies on various unconfirmed inputs, social media claims, and websites for its content, and cannot guarantee the accuracy, timeliness, and genuineness of the same. If there is any error in the news, and once it is brought up to our attention with relevant evidence, SR is willing to make necessary corrections as applicable.