UK’s Online Banking Industry Looms Large on the Threat Landscape

“More and more companies fear cyber attacks and I would not be surprised if those companies who say they have not yet been attacked simply do not realise that they have been.” — Georges Banna, Director of Business Reporter

Take the recent story of Bangladesh’s Central Bank, where $81 million was captured by hackers, by exploiting none other than the SWIFT banking system, despite its status (among financial analysts) as the “Rolls-Royce” of payment authorization systems for banks.

The Bangladesh hack is considered one of “the most brazen digital bank heists ever”, which seems utterly shocking, given the top-notch security credence that was accredited to SWIFT; the world-renowned, highly trusted, international bank messaging system.

A Fine Target for Cyber Fraudsters: Her Majesty’s UK

The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber attack and the cost of falling victim is rising dramatically.

Why the UK?

The UK’s Digital Economy has what to be proud of for their strong economic success, but with that stature, comes risky attention, the kind that makes you wish you were anonymous (and therefore off the hackers’ radar).

Just How Strong are We Talking?

Within the overall UK economy, the digital media sector is the second largest, accounting for 8.7% of the nation’s GDP. NIESR used growth intelligence data to measure the UK’s economic health, using this data the NIESR estimates between 269,695 and 471,120 businesses make up the UK’s digital economy. While in 2013, the UK Government accounted for an estimate of (only) 120,000 businesses in the digital economy.

This digital economy has spread into every sector, from architecture firms whose activities have become almost entirely digital, to machine tool manufacturers who now use huge online data-processing facilities, such as Hadoop, to monitor every aspect of their processes.

How Does the UK Compare to Other G-20 Countries?

The UK internet economy is the largest of the G-20 countries, in terms of its GDP percentage. Last year, Boston Consulting Group predicted that in 2016, the internet economy would reach $4.2 trillion, 5.3% of the total GDP among all G-20 countries.

Of this 5.3% ($4.2 trillion), 12.4% belongs to the UK, 8% to South Korea, 6.9% to China, and 5.7% to the EU-27. Staggering!

Digitalization is great, right? But what about the risks that come with it?

Online Banking in the UK

While economists are praising the UK digital economy for its dominance in the market, cyber analysts see a future that isn’t as pretty for the UK digital realm;

In the UK’s booming digital economy, online banking fraud is the fastest growing area of crime.

Experian shows that in Q1 of 2015, at least 89 in every 10,000 applications for a current account were fraudulent, leaving (online) bank accounts as the UK’s most commonly used method for attempted digital fraud.

Additionally, cheque, card, and online banking fraud totaled at 339,529 fake applications — an 8% increase from the year before.

For Example: Royal Bank of Scotland

In October 2015, RBS reported that from the start of 2015, their banking customers had been victimized by 4,702 scams — which amounted in total to (almost) 26 million GBP.

Prior to these scams, RBS also has the track record of the 56 million pounds they were fined for in 2014 by the Financial Conduct Authority, for a glitch that prevented many customers from withdrawing cash.

On a Global Scale, Why is Online Banking so Lucrative?

British Telecom (BT) published a report that explores why the finance sector is such a lucrative target for cybercrime:

Cyber criminals’ reasoning and incentive behind targeting banks, especially in the UK, can be understood by both speculation and by facts and figures.

And online banking isn’t only popular on the whole among cyber criminals. On top of that, online banking has a special attraction to ransomware as a weapon choice for cyber criminals.

Moreover, banking-specific trojans exist, such Dridex and Locky, which are both document-based macros used for ransomware distribution, (as our Argos and cyber analysts team have previously found) among UK banks that have proved to lack cyber resilience.

These banking trojans as “particularly aggressive”, as they have mastered the ability to directly get their hands on bank customer’s online credentials.

The cyber threats to online banking are targeted to precision, and are built around their carved-out goal to infiltrate online banking infrastructures.

On the whole, Rob Norris, UK Director of Enterprise and Cybersecurity at Fujitsu stated that “the financial services sector often operates with legacy systems that have been outdated but it’s also a sector where the speed and complexity of innovation, like mobile and online banking, is hard to keep up with from a cybersecurity point of view.”  

UK Digital Economy and its Online Banking

Is there a relationship between the lucrative UK digital economy and its painful trend of online banking fraud?

Recent examples of online banking fraud in UK banks point to the stories of HSBC this past January and NatWest in March.

HSBC was hit by a DDoS attack, a widely popular attack method for targeting bank institutions.

In fact, Deloitte UK believes that in 2015 and again in 2016, cybersecurity is the top concern for IT Internal Audit Professionals, whose attacks in the financial industry are particularly high-profile, compared to cyber attacks in other business sectors.  

The UK Bank Appeal

The UK economy, particularly the financial services industry, has always been a lucrative target for hackers. These services are an optimal DDoS target for hackers, as the mere value of these institutions’ data is plentiful in its own right.

Given the austerity of the UK’s digital economy, their financial institutions have earned the status of “a particularly choice target vertical for impactful attack.”

For hackers, banks are more lucrative targets than the customers — the spoils from a bank hack are greater, with larger transaction values, despite being harder for criminals to yield.

For example, the customers that populate UK banks appear to be a featured demographic on the spectrum of banking customers around the world.

In 2015, 7.75 billion GBP was spent via UK buyer’s contactless cards and mobile devices. 2.8 million of this sum was lost in the processes of financial fraud through bank activity.

As attack (and payment) methods become more sophisticated, the more they are capable of wrecking. The more plausible it is for attackers to get into the banks — the more they’re gonna try and do so.

Other reasons why cyber fraudsters love UK banks:

More UK residents use online banking than your average country’s user-group, and on a much more frequent basis. Another UK-specific facet is that the country’s trends of high credit card limits meaning UK credit card theft poses more opportunity and enjoyment for criminals than it does in other countries.

Another incentive that UK banking features for cyber criminals is the inception of digitalized banking, part of the worldwide phenomenon of banks with a non-physical, entirely digital presence.

One UK-specific example of such is the Atom Bank, a bank who exclusively provides online banking services (via biometric technologies) and no physical branches, delivering to customers via web browsers and smartphones, and through no in-person mediums.

Logically, the less presence a bank has on the ground, or in ‘brick and mortar’, and the more it relies on a digital presence, the more accountability it has in cyberspace, as all its eggs are in one (cyber) basket.

As we see, the appealing factors in the UK online banking realm are case-specific, but what’s more troubling are the successes had by hackers, and the figures their activity has produced.

For effective defeat, cyber fraud needs to be addressed in a wholly case-specific approach. The threat must be understood within its immediate landscape — the country, society, and economy that surrounds it.

Ultimately, to foil attempts at these heinous infiltrations to the online banking sector, each organization needs to crystalize a security strategy that thrives on proactivity: continuously monitors threat actors, invests in technologies such as red team automation and threat mitigation techniques.