IOT on Main Street
Malwarebytes Threatdown Advanced

IOT on Main Street and Threatdown by Malwarebytes have forged a strategic alliance aimed at bolstering cybersecurity defenses within the financial services industry through the deployment of cutting-edge endpoint security solutions. By integrating Threatdown’s advanced threat detection capabilities with IOT on Main Street’s expertise in Internet of Things (IoT) technology, financial institutions can now fortify their digital infrastructure against a myriad of cyber threats. This partnership not only enhances the resilience of critical financial systems but also underscores a collective commitment to safeguarding sensitive financial data, maintaining regulatory compliance, and preserving the trust of clients and stakeholders in an increasingly interconnected and digitized financial landscape.

Malwarebytes for Finance

Preventing and remediating financial cybercrime

THREATS FINANCIAL ORGANIZATIONS FACE

Ransomware

Malware locks and holds financial data for ransom, interrupting productivity and putting trades and money transfers at risk.

Email phishing

Hackers fake email communication among employees to trick them into opening attachments with malicious software.

Customers bombarded with fake emails claiming to be from banks and financial institutions to collect personal information and credentials.

Threat proliferation

Malware spreading across networked endpoints via infected email attachments or compromised files passed amongst employees.

Advanced persistent threats (APTs)

Sophisticated attacker uses stealth and multiple attack methods to test and enter a financial organization.

Attack is sustained over long time periods, probing the network.

Difficult to detect, remove, and trace. (It took Yahoo two years to discover the theft of data on 500 million users in 2014.)

Often involves back doors for ongoing access to gather intelligence.

Malware can sit on financial institutions’ endpoints an average of 98 days before being detected.

Identity theft

Stolen customer data containing date of birth, social security number, and other sensitive information used by cybercriminal to create false identities.

Social engineering

Cybercriminals used publicized details of executives to trick employees into initiating wire transfers or opening spoofed emails with malicious attachment.

State of Finance

The financial services industry plays a vital role in the global economy for both commercial and retail customers. Its sectors span major banks and credit card issuers, insurance companies, pension funds, accounting firms, and stock brokerage companies, to stock exchanges, mortgage companies, and real-estate investment firms. They all represent a tempting target, inspiring a rising tide of cybercriminals who seek to steal money or information, disrupt operations, or compromise infrastructure. While cybersecurity is an obvious priority, it competes against business imperatives that can increase vulnerabilities to malicious activity. They include the need to become more agile and provide customers a seamless experience—whether the business transactions occur online, through mobile applications, or in the cloud.

Challenges Finance faces

Need for complete security visibility

Detecting threats and breaches across the security landscape calls for full awareness of all security events, whether it is before, during, or afterward. That includes threat and breach detection on endpoints, the ability to manage security events from a central location, and the capacity to collect system timelines and analyze breach details after they occur.

Complete malware remediation

Once a breach is discovered, it’s imperative to remove the malware entirely. This can be a time-consuming and costly effort if it requires re-imaging all the infected assets, or remediating the compromised endpoints deskside instead of resolving them remotely.

Regulatory compliance

In the face of the many cybercrime threats to finance and IT operations, federal financial regulators are setting expectations for the industry and holding it accountable for cybersecurity failings.

The Gramm-Leach Bliley Act, also known as the Financial Services Modernization Act of 1999, has a cyber-data component. It requires financial institutions to define safeguarding standards for protecting customer personal financial information from unauthorized access. It also authorizes fines of up to $100,000 for each violation.¹ Financial organizations face even more hurdles from different state regulators, who set out laws related to data breach notification, encryption requirements on portable devices, and the creation of comprehensive cybersecurity programs.

Unauthorized network access

Financial service organizations are striving to grow, innovate, and optimize costs by adopting new business and technology practices. They want to connect with customers by new means, partner with third-party businesses across states and international borders, or outsource control of IT systems, all of which introduces heightened vulnerabilities across a multitude of access points.

For instance, skimmers and hidden cameras installed in ATMs capture credit card payment data, from which perpetrators create their own bankcards and steal from customer accounts. Retail POS scams—such as the high-profile attack on Target—also capture payment data, and take weeks or even months to be discovered, much less mitigated. Encouraged by banks, a significant percentage of customers already use 24/7 access to banking services on their smartphones and tablets, with projections that more than half the US adult population will bank by phone by 2019. This represents a clear path for scammers as malware that steals consumer-banking information gets into mobile phones and waits for users to open a banking app.

According to a recent report, almost half of all data breaches at financial organizations take place through their websites. Among the largest, most dramatic incidents is the one that took place in February 2016, when thieves siphoned off $81 million from a large, poorly secured bank in Bangladesh, using the SWIFT international messaging system to move the money. It happened when the fraudsters obtained legitimate SWIFT network credentials, made bogus transfers, and installed malware on bank computers to cloak their activities. Moreover, a second attack on a SWIFT- connected bank has happened since then.

External threats

Banks, credit card companies, and other financial organizations present an irresistible target for cybercriminals, from individual hackers seeking theft of sensitive information they can monetize to state- sponsored attackers with political agendas. Through malware, social engineering, or even by using employee insiders, bad actors are a fact of business life.

Data breaches are costly in ways that continue after a breach has been discovered and mitigated. Successful cyberattacks degrade a company’s brand image, and therefore its bottom line. Reputation and brand perception are important assets, vulnerable to negative events. Consumer surveys indicate that data breaches are as damaging as poor customer services in how they affect brand reputation. According to another study, once an attack has gone public, and financial organizations must advise consumers that their data is compromised, a majority of companies believe it can take 10 months to more than two years to restore a business’s reputation.

What financial organizations say

Malwarebytes is a very effective tool. It’s enabling us to enhance our overall endpoint security strategy with much better protection. It’s easy to deploy and manage. Best of all, our users don’t have to do anything, except continue to work without interruption.

Garfield Rodriquez

Group IT and Data Security, Sagicor Financial Corporation

The threat environment is just going to get worse and the bad actors continuously get more clever. That’s just the kind of risk we won’t take. Malwarebytes makes sure we don’t.

Russell Heelan

Network Administrator, United Bank

How Malwarebytes can help

Malwarebytes Endpoint Security

Centrally protects financial organizations’ endpoints against known and unknown attacks. Next-gen endpoint protection employs dedicated anti- malware, anti-exploit, and anti-ransomware technologies to detect and block advanced threats, including ransomware. Also works with existing endpoint security programs.

Malwarebytes Breach Remediation

Rapid, lightweight solution detects and removes advanced threats from Windows and Mac endpoints. Scans and cleans infected endpoints remotely using an extensible platform. Forensic Timeliner gathers system events surrounding breaches so the security team can address security gaps and reduce malware dwell-time.