Strategy and governance

Identity management

Threats and vulnerabilities

Top story

PwC Weekly Security Report

This is a weekly digest of security news and events from around the world. Excerpts from news items are presented and web links are provided for further information.

Strategy and governance: RBI asks lenders to put in place cyber security policy

Identity management: The future of identity management: Passwords and the cloud

Threats and vulnerabilities: Dridex spam bursts reveal new threat tactics

Top story: SWIFT threatens to give insecure banks a slap if they don't shape up

RBI asks lenders to put in place cyber security policy

The Reserve Bank of India on Thursday said the country's lenders must put in place a cyber security policy "immediately" in order to combat internet threats and asked the sector to identify risks according to the degree of potential danger. "It is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks," the RBI said in a statement. "Banks should immediately put in place a cybersecurity policy elucidating the strategy containing an appropriate approach to combat cyber threats."

The central bank asked lenders to specify potential risks as "low, moderate, high and very high" and reiterated that the lenders must report all "unusual cyber-security incidents" to the RBI. The new cyber-security policy should be separate from the bank's broader information technology policy, the RBI said. The RBI said a recent increase in Internet attacks on financial institutions underlined the "urgent" need to put in place a robust cyber-security framework in the banking system.

Central banks globally have been asking their lenders to beef up their cyber security protection systems after $81 million was stolen from a Bangladesh central bank account with the New York Federal Reserve, in one of the biggest-ever cyber heists.

The following is the link from the Reserve Bank of India where more details can be found: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10435&Mode=0

Source: http://in.reuters.com/article/india-rbi-cyber-security-banks-idINKCN0YO1FH

Our perspective

Banks should have a cyber security policy in place, which is separate from the IT/IS security policy. Further, banks need to automate their IT asset management processes and should build capabilities to integrate the various threat feeds into the security operations centre (SOC) in order to improve their cyber defence.

The future of identity management: Passwords and the cloud

Compromised credentials are still the cause of almost a quarter of all data breaches, according to the Cloud Security Alliance. With a surge in cybercrime, it’s no wonder that the global identity and access management (IAM) market is expected to reach USD 24.55 billion by 2022, according to Research and Markets.

“Identity Management will serve as the central hub that other services leverage for threat detection, policy enforcement, and overall governance. Examples are CASB and SIEM integration,” Alvaro Hoyos, CISO at OneLogin, told Help Net Security. “More governance related features like more full featured security workflows, more access and authentication monitoring, ability to make better decisions about what applications to bring into the ecosystem that has the identity management solution as its base. In addition, identity management is key for our professional and personal lives, so serving both B2B and B2C needs simultaneously might have higher demand. Features such as social sign-in are a clear indicator of this trend,” he added.

Identity and the cloud

The cloud already has a strong impact in the daily lives of many people and businesses. Improved trust and security are critical to encouraging continued wide-scale cloud adoption. The question of trust within the cloud enables organizations of all sizes to realize the benefits of cloud computing.

“The liability faced by cloud service providers will continue to increase as identity management becomes ubiquitous in both our business and personal lives. The increased frequency of successful breaches will also have an impact on how companies deal with that liability, and cybersecurity insurance will be more closely tied to the work companies are doing to reduce risks,” says Hoyos.

Passwords in the enterprise

Passwords in the enterprise were never really that secure in the first place. But in the absence of anything else, they were long the de facto standard.

“Perhaps the most significant change will be the abandonment of the username and password convention that was created nearly 40 years ago for more simple needs and networks. In its place will be multi-factor authentication,” says Brian Spector, CEO of MIRACL. “Regardless of the device or factors that initiate or complete the authentication, what will be required for the success of security on the Internet is both the simplicity with which authentication can take place from a user’s perspective and the easing of administrative investment required from the service side,” he added.

Source: https://www.helpnetsecurity.com/2016/05/24/cerber-ransomware-ddos/

Our perspective

Identity management solutions are a very important element in the overall enterprise security architecture of any organisation. A well-defined identity management policy, implemented with a mature solution, ensures early threat detection and effective governance, enabling early breach detection and hence minimising any serious damage.

Dridex spam bursts reveal new threat tactics

The infamous banking trojan Dridex sputtered back to life at the end of May after a quiet month with new capabilities designed to trick users into opening a malicious attachment and bypass security filters. The trojan was unusually inactive during most of last month, before reappearing in a new wave of spam emails, according to Trend Micro researchers Michael Casayuran, Rhena Inocencio, and Jay Yaneza.

These emails show the threat actors behind the campaign have changed tactics slightly, using a different kind of social engineering designed to trick users into opening the malicious attachment. The subject line of the spam bears the message “account compromised” while the main body of the email contains details of a supposed suspicious logon attempt, including an IP address to make it look legitimate.

The attachment supposedly has the full report of this spoofed incident, Trend Micro said. “The spammed message is almost believable except for that one missing crucial detail. It doesn’t have any information on what type of account (email, bank, social media accounts etc.) is compromised,” it added in a blog post. “Based on our research, the spam runs of Dridex have semblances with Locky ransomware with its use of macros and identical email templates.” Another new feature is the use of Certutil and Personal Information Exchange (.PFX) files – the latter typically used by software certificates to store public and private keys.

“When you open the .ZIP file attachment and the word document, a .PFX file is dropped. However, this won’t necessarily run on your system because it’s encrypted,” Trend Micro explained. “This is where Certutil comes in, decoding a base64-text file to convert the .PFX file to .EXE file. When the .PFX file is finally converted into an executable file, DRIDEX infects your system.”

The reason why the Dridex authors have gone to this extra effort is that .PFX and Certutil apparently help to pass off the malicious file as a legitimate certificate. Trend Micro urged users to mitigate the risk of Dridex infection by not opening attachments or enabling macros when receiving unsolicited emails. “On the other hand, enterprises can create policies that will block off email messages with attachments from unknown sources,” the vendor concluded. “It also recommended that they educate their employees about this type of security threat and what to do when they encounter one.”

Source: http://www.infosecurity-magazine.com/news/dridex-spam-bursts-reveal-new/

Our perspective

User awareness and training on email security should be undertaken as an ongoing activity, not a one-time one. Users should be made aware of the impacts of malware attacks. An effective control should be in place to scan and, if required, block emails with attachments from unknown and suspicious domains.
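A detection-side sketch of the chain Trend Micro describes above (Certutil base64-decoding a dropped .PFX into an .EXE), added here as an illustration and not taken from Trend Micro or this report. The function names, the extension list and the sample command lines are constructed assumptions; `-decode` is Certutil's base64 decode verb.

```python
import base64
import re

EXEC_EXT = (".exe", ".dll", ".scr", ".com")  # assumed list of extensions to alert on

def certutil_decode_to_executable(cmdline: str) -> bool:
    """True when certutil's decode verb writes a file with an executable extension."""
    argv = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not argv:
        return False
    image = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image not in ("certutil", "certutil.exe"):
        return False
    args = [a for a in argv[1:] if a]
    verbs = [a.lower().lstrip("-/") for a in args if a[0] in "-/"]
    files = [a for a in args if a[0] not in "-/"]
    # certutil -decode takes InFile OutFile; the last file argument is the output.
    return "decode" in verbs and len(files) >= 2 and files[-1].lower().endswith(EXEC_EXT)

def pfx_is_base64_pe(data: bytes) -> bool:
    """True when a '.pfx' is base64 text that decodes to a PE image ('MZ' magic).
    A genuine PKCS#12 file is binary DER, so strict base64 decoding rejects it."""
    lines = [l.strip() for l in data.splitlines()]
    # Skip PEM-style armour lines ("-----BEGIN ...-----") if present.
    body = b"".join(l for l in lines if l and not l.startswith(b"-----"))
    try:
        head = base64.b64decode(body[:64], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return head[:2] == b"MZ"

# Constructed process-creation command lines, not taken from the report.
SAMPLE_CMDLINES = [
    r'certutil -decode C:\Temp\report.pfx C:\Temp\report.exe',
    r'"C:\Windows\System32\certutil.exe" /decode in.txt out.cer',
    r'certutil.exe -verify server.cer',
]

def flag_events(cmdlines):
    """Return the command lines that match the decode-to-executable pattern."""
    return [c for c in cmdlines if certutil_decode_to_executable(c)]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_CMDLINES):
        print("ALERT certutil decode to executable:", hit)
```

The command-line check suits process-creation telemetry, while the content check can run on attachments or dropped files at a mail gateway or endpoint.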

SWIFT threatens to give insecure banks a slap if they don't shape up

Network also says it will impose 'baseline' security standards

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defenses until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists relied on hackers using malware infecting bank terminals to obtain login credentials for the SWIFT messaging system, allowing crooks to send fraudulent transfer orders. In response, SWIFT said it will "expand" its use of two-factor authentication as well as mandating “baseline” security standards, which financial institutions will be assisted in meeting.

SWIFT’s customer security programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.

Richard Brown, director of EMEA channels & alliances at DDoS mitigation vendor Arbor Networks, welcomed the tougher line and called for an increase in collaboration between international banks. “This announcement from Swift will hopefully force banks to take even further steps to proactively assess and improve their security posture,” Brown said. “The financial services industry is one of the best at sharing threat intelligence and organisations such as CERT-UK are promoting this across different verticals. This style of collaborative approach against cybercriminals will be far more effective than each individual organisation fighting their own battle.”

Banks are already among the most heavily regulated organisations, thanks to regulations such as PCI and Sarbanes–Oxley. Brown reckons there’s still room for improvement. “The news that Swift will not work with any banks with sub-standard security standards will be welcomed by the public, but also worry many financial institutions,” Brown said. “Banks are an attractive target for cybercriminals because of the money and valuable data they hold. Just this week we saw the Federal Reserve announce it has been hacked more than 50 times in the past five years, so it is clearly losing the battle against cybercriminals.”

Source: http://www.theregister.co.uk/2016/06/03/swift_threatens_insecure_bank_suspensions/

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 2,08,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com

In India, PwC has offices in these cities: Ahmedabad, Bengaluru, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai and Pune. For more information about PwC India's service offerings, visit www.pwc.com/in

PwC refers to the PwC International network and/or one or more of its member firms, each of which is a separate, independent and distinct legal entity in separate lines of service. Please see www.pwc.com/structure for further details. ©2016 PwC. All rights reserved

For any queries, please contact: Sivarama Krishnan, Amol Bhat

© 2016 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited (a limited liability company in India having Corporate Identity Number or CIN : U74140WB1983PTC036093), which is a member firm of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity.
