Protecting Digital Banking Accounts from Brute-Force Attacks
Brute-force attacks on a financial institution’s digital banking infrastructure can impact a significant number of customers and damage the institution’s reputation.
A brute-force attack is when a fraudster attempts to gain unauthorized access to an account by cycling through many username and password combinations. In most cases, once the fraudster gains access to an account, funds are transferred out electronically as quickly as possible.
Brute-force attacks are a “try until you succeed” approach and remain one of the most popular password cracking methods. These attacks can take longer, but they typically have a higher success rate than other methods of cracking passwords, especially when the attack is spread across a large set of targets, such as online or mobile banking customers.
To improve the odds of a brute-force attack, fraudsters typically kick off an attack by first trying to obtain user names, account numbers, and other customer information. The most common and effective method of doing so is by penetrating the digital banking infrastructure through phishing emails. These phishing emails can target accountholders directly or be aimed at financial institution employees at either their work or personal email addresses. This method has been used by the Cobalt gang, for example, as well as Lazarus.
Another way of initiating an attack is by targeting users with malicious software. This is typically accomplished by hacking third-party companies that do not carefully protect their resources and infecting websites often visited by employees of the target bank, as we saw in the cases of Lazarus and Lurk.
Fraudsters engage in brute-force attacks primarily to perpetrate account take-over (ATO) on retail or business banking accounts. These attacks typically target the vulnerabilities of the financial institution’s digital channels (e.g. online and mobile banking portals) to compromise the login and then attempt the ATO.
While any size financial institution is vulnerable, mid-sized financial institutions need to pay particular attention to these types of attacks. Fraudsters often assume that mid-sized financial institutions are good targets because they may have less sophisticated network security and fraud detection infrastructure than larger financial institutions, while still offering a large number of customers as potential victims.
Financial institutions may think they are protected if they have an automatic account lock-out feature that blocks access to a digital banking account after a certain number of failed login attempts, or out-of-band (OOB) two-factor authentication, which sends the authentication request through a separate communication channel rather than relying solely on SMS. While these controls help stop account take-over on individual accounts, they miss the bigger picture: an attack spread across the whole customer base.
Financial institutions need a more effective form of protection to address security threats across their entire customer portfolio and systems infrastructure. Guardian Analytics provides a holistic approach to digital banking machine learning & behavioral analytics fraud detection that is a perfect solution to identify and thwart brute-force attacks.
Often the financial institution’s first indication of a brute-force attack is when there is a flood of new “customer” activity. With Guardian Analytics Digital Banking Machine Learning & Behavioral Analytics Fraud Detection, analysts will see a corresponding spike in online and/or mobile fraud alerts. Alerts are issued based on a risk score that uses machine learning and behavioral analytics risk factors to spot anomalies in customer digital behavior or payments activities. Fraud alerts are prioritized and queued for fraud analysts based on alert risk levels and associated risk factors. Along with the alert and risk score, analysts receive the data they need to quickly determine if multiple alerts share similar characteristics, such as coming from the same IP address or Internet provider. This data helps the analysts easily spot relationships between alerts on multiple, unrelated accounts. This is the confirmation that a brute-force attack is underway. As soon as the bank’s Fraud team has confirmation that this is a brute-force attack, all further activity can be blocked at the IP address or network provider level.
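To illustrate why a per-account lockout misses the bigger picture while a portfolio-level view does not, here is an added example (not Guardian Analytics code) that runs two detection rules over a constructed failed-login log: a per-account lockout counter and a cross-account correlation that groups failures by source IP, the relationship the analysts above look for. The log format, thresholds and addresses are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not real data): one source address tries a
# single password against many different accounts, staying below any
# per-account lockout threshold; two ordinary users also fail a few times.
LINE_RE = re.compile(r"^(?P<ts>\S+) FAIL ip=(?P<ip>\S+) account=(?P<acct>\S+)$")

def build_sample_log():
    lines = [f"2024-03-01T09:00:{i:02d}Z FAIL ip=203.0.113.7 account=acct{1000 + i}"
             for i in range(12)]                         # 12 accounts, 1 try each
    lines += ["2024-03-01T09:05:00Z FAIL ip=198.51.100.5 account=acct2000"] * 2
    lines += ["2024-03-01T09:06:00Z FAIL ip=198.51.100.9 account=acct3000"] * 6
    return "\n".join(lines)

def parse_events(text):
    """Parse failed-login lines into (ip, account) pairs; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m.group("ip"), m.group("acct")))
    return events

def locked_accounts(events, threshold=5):
    """Per-account lockout: accounts that reached `threshold` failures."""
    fails = defaultdict(int)
    for _, acct in events:
        fails[acct] += 1
    return {acct for acct, n in fails.items() if n >= threshold}

def suspicious_sources(events, min_accounts=10):
    """Portfolio view: sources whose failures span many distinct accounts.
    Returns {ip: number_of_distinct_accounts} for sources over the limit."""
    accts = defaultdict(set)
    for ip, acct in events:
        accts[ip].add(acct)
    return {ip: len(s) for ip, s in accts.items() if len(s) >= min_accounts}

if __name__ == "__main__":
    ev = parse_events(build_sample_log())
    print("locked by per-account rule:", locked_accounts(ev))          # only acct3000
    print("sources to block at network level:", suspicious_sources(ev))  # 203.0.113.7 -> 12
```

The per-account rule only locks the legitimate user who mistyped six times, while the spraying source that touched twelve accounts once each is invisible to it and appears only in the cross-account view.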
Some Guardian Analytics clients using the Digital Banking Fraud Detection solution also outsource the initial alert review to the Guardian Analytics FraudDESK. FraudDESK is a managed service that helps protect against fraud without significantly impacting the staffing of the client’s organization. Expert fraud analysts use the fraud prevention software on the client’s behalf to protect account holders. An additional benefit for clients using FraudDESK, when it comes to brute-force attacks, is that if a brute-force attack is detected for one client, the analysts working alerts for other clients are forewarned to be on the lookout for a similar attack. Sharing knowledge once a trend is spotted and notifying clients helps everyone respond more effectively, protecting both the security of the bank’s systems and its customers.
In today’s environment of ever-increasing attempts to infiltrate consumer and small business accounts through digital channels, Guardian Analytics Digital Banking Fraud Detection provides both the fraud detection software and FraudDESK services mid-sized financial institutions need to protect themselves and their customers from fraud. Guardian Analytics helps financial institutions quickly and effectively detect suspicious activity through deviations in customers’ unique digital identity and maintain a frictionless digital banking experience for legitimate transactions by understanding and recognizing each customer’s specific digital ID. These advanced capabilities protect against brute-force attacks, at the individual account, portfolio, and network security level.