Illusive Blog August 21, 2017

Banks Can Get Ahead of Fraud by Detecting Lateral Movements

By Matan Kubovsky

In 2016, the wire transfer fraud attack on Bangladesh Bank commanded huge headlines and resulted in cyber criminals stealing a whopping $81 million. It could have been worse; the massive “take” was interrupted not by IT security technologies, but by human vigilance. A watchful employee saw a spelling error in a transfer message and alerted an investigation team.

Financial institutions obviously need better automation to prevent fraud. Following a wave of similar attacks affecting more than a dozen other banks, illusive responded by developing Wire Transfer Guard™ — the first deception solution designed specifically to detect, divert, and mitigate advanced attacks on wire transfer networks, built on its Deceptions Everywhere® approach.

Of course, financial organizations — banks in particular — face many forms of fraud and targeted attacks. Rapid adoption of online and mobile banking services, widespread M&A activity, and growing inter-dependencies across the digital financial ecosystem significantly increase the number of critical systems that banks and other financial services firms need to protect within their premises, and multiply the points of entry available to attackers. Using the illusive networks core solution, the same approach behind Wire Transfer Guard can be applied to protect other specialized or high-risk systems and applications within banks, securities firms, insurance companies and clearinghouses.


The key is being able to detect an adversary’s lateral movements—easier said than done because they use valid credentials, obtained through phishing or a variety of other means, to skirt rules-oriented or policy-based controls. Once they’ve established a foothold in the corporate environment, they study the environment and methodically move from one system to another, inching closer to their targets. Although elaborate controls around crown jewel systems are essential for a comprehensive cybersecurity program, in the case of APTs, they are a last line of defense — not a core strategy. At that point they’re down to the wire. Once that last line is crossed, it is probably too late.

illusive detects lateral moves by covering the environment with authentic-looking, dynamic deceptions, which the attacker will soon be lured to activate, triggering an alert. Once able to detect adversaries in the lateral movement stage, organizations have the power to discover and act far earlier in the attack process—long before that last line of defense gets tested. Wire Transfer Guard also gives incident responders the ability to see an attacker’s position relative to crown jewel assets, and rich forensic data to support rapid action—and, given its agentless, automated architecture, is easy to deploy and inexpensive to operate. Though purpose-built to protect wire transfer communications in a SWIFT environment, it is an example of how the illusive Core Solution can be extended to deter attacks targeting virtually any kind of critical system, business process, or application.
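The detection principle in the paragraph above, as an added example that is not illusive's code: decoy accounts and decoy hosts exist only to be touched by an intruder, so a small monitor over authentication events can raise a high-fidelity alert on any use of one and report the attacker's current position relative to the assets the decoys guard. The log format, host names and account names are assumed and constructed for the example.

```python
# Deceptions the defender planted, each mapped to the crown-jewel asset it
# guards (all names constructed for this example; none are real systems).
DECOY_ACCOUNTS = {"svc_swift_backup": "swift-gw-01", "admin_legacy": "core-banking-db"}
DECOY_HOSTS = {"swift-gw-02": "swift-gw-01", "fileshare-fin": "core-banking-db"}

# Constructed authentication log in an assumed "<ts> key=value ..." format.
SAMPLE_LOG = [
    "2017-08-21T09:00:01 src=ws-041 user=jsmith dst=mail-01 result=ok",
    "2017-08-21T09:05:17 src=ws-041 user=svc_swift_backup dst=swift-gw-02 result=fail",
    "2017-08-21T09:06:02 src=ws-041 user=jsmith dst=fileshare-fin result=ok",
    "2017-08-21T09:30:44 src=ws-113 user=asmith dst=hr-01 result=ok",
]

def parse_line(line):
    """Return {'ts', 'src', 'user', 'dst', 'result'} for one log line."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = ts
    return ev

def detect(lines):
    """One alert per event that touches a deception. Because no legitimate
    workflow ever uses a decoy, even a failed attempt is reported; the source
    host tells responders where the attacker currently sits."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        reasons, guarded = [], set()
        if ev["user"] in DECOY_ACCOUNTS:
            reasons.append("decoy credential used")
            guarded.add(DECOY_ACCOUNTS[ev["user"]])
        if ev["dst"] in DECOY_HOSTS:
            reasons.append("decoy host contacted")
            guarded.add(DECOY_HOSTS[ev["dst"]])
        if reasons:
            alerts.append({"ts": ev["ts"], "attacker_at": ev["src"],
                           "account": ev["user"], "target": ev["dst"],
                           "result": ev["result"], "reason": "; ".join(reasons),
                           "approaching": sorted(guarded)})
    return alerts

def attacker_positions(alerts):
    """Map each compromised source host to the crown jewels it is closing in
    on: the attacker's position relative to critical assets."""
    positions = {}
    for a in alerts:
        positions.setdefault(a["attacker_at"], set()).update(a["approaching"])
    return {host: sorted(assets) for host, assets in positions.items()}
```

Running `detect(SAMPLE_LOG)` flags only the two events from ws-041 that touch deceptions, while the ordinary logins by jsmith and asmith produce nothing, which is what makes a decoy alert worth paging on.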

With a proactive, deceptions-based approach, financial services companies can improve their ability to mitigate many of the risks inherent in today’s fast-paced, technology-driven business environment. In the rapid deployment of mobile apps, for example, an organization’s inherent inability to control the behavior and devices of its customers and partners becomes a far less consequential risk factor. The security gaps and vulnerabilities that might be introduced during M&A activity are less likely to lead to high-impact attacks. The organization is stronger in the face of insider threats. With the ability to take action against APTs, CISOs can help their organizations reduce cyber risk, even as the financial ecosystem continues to expand.

For more information about the Deceptions Everywhere approach, download Deception—Attackers’ Achilles Heel or our white paper, Wire Transfer Attacks, APT, and Well-Funded, Organized Attackers.