The financial services industry has been plagued with several notable ransomware attacks over the past couple of years, according to Chris Schatz, senior penetration tester for Info@Risk.
These include:
Common infection methods include malicious emails and attachments, vulnerable services such as SMB, malicious web pages, “malvertising,” and corrupt media such as USB drives and CDs, says Schatz, who conducted a threat simulation exercise.
On the flip side, credit unions can take certain detection and preventive measures to ward off these threats, says Peter Misurek, senior information security engineer for Royal Credit Union in Eau Claire, Wis.
Tools to spot compromises include enabling process execution auditing, part of which entails configuring reports and rules to monitor suspicious process executions, Misurek says.
He also advises centrally logging network traffic and monitoring domain name server traffic.
Misurek says credit unions can help prevent comprises by:
Misurek and Schatz addressed the CUNA Technology Council’s 5th Annual Security Summit Wednesday in San Francisco.
►Click here for more conference coverage from CUNA News, and get live updates on Twitter via @cumagazine, @CUNA_News, @CUNACouncils, and by using the #TechCouncil and #OMECouncil hashtags. Learn more about the CUNA Councils, a member-led professional society for credit union executives, at cunacouncils.org.