The Common Vulnerability That Fintech and Bananas Share
Fintech is defined by technologies that span the cloud, mobile devices, blockchain, and AI for financial applications ranging from virtual currencies, to payment processing, money transfers, equity trading, and regulatory compliance, among others.
There has been spectacular scaling in the sector of late, and today there are no fewer than 27 billion-dollar-valued Fintech companies. Unfortunately, lapses in cybersecurity have been equally spectacular, with over 1 billion dollars stolen from cryptocurrency exchanges in 2018. The perpetrators run the gamut from those who exploited vulnerabilities in crypto wallet software and servers to state-sponsored actors, including, but not limited to, North Korea. The issues arise from a variety of sources: the increased connectivity of systems and the requirement that potentially incompatible interfaces now integrate; the expansion of fintech to previously unbanked populations, which are likely less technologically savvy; and the harvesting of customers’ data footprints, putting a bull’s eye on private information.
Fintech startups share a common issue with the big banks and main street financial institutions – a need for strong cybersecurity, since both are targeted by lone wolf cyber criminals and nation state hacking collectives. The 45-year-old Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, which is the backbone of international bank transfers, has itself been the subject of multiple hacks ranging from a few million to over 1 billion dollars. Even the now 20-year-old PayPal system, which generated so much wealth in the original dot com boom, has been breached. The attack on PayPal may have compromised up to 1.6 million customers’ information. TIO Networks, a cloud-based multi-channel bill payment processor and receivables management provider, which was acquired by PayPal in July 2017, was infiltrated.
Cloning is the weakness that is hidden in plain sight
Let’s focus on agribusiness for a moment to explain the analogy. The agriculture industry plants crops that grow most easily and produce the highest yield, while encouraging customers to prefer those. Cavendish bananas are a prime example – they are genetically identical, and every one of them is a clone of the one next to it. Each is essentially part of the same plant. The inherent risk with Cavendish bananas is that a single malady – a bug or pathogen – can wipe out the entire crop.
Now back to technology. Understandably, a great deal of attention is paid to securing the vulnerabilities through which hackers are most easily able to penetrate financial systems, such as weak Identity and Access Management (IAM) or poorly implemented encryption. However, the weakness common to all of the systems most widely used in Fintech is actually hidden in plain sight – the solutions are all clones of each other!
Did you know that every SaaS solution, mobile app, or cloud back-end system is the same? It is the accepted practice to develop a standard image and scale it up from source code, along with third party libraries, middleware, frameworks and a supporting container, OS (operating system), or hypervisor infrastructure. Said another way, all the crucial parts of the Fintech ecosystem spring from the same plant.
United Fruit Company (rebranded in 1984 as Chiquita Brands International) planted crops with the same DNA over and over to achieve economies of scale and a uniform fruit. That worked well for some time, until Panama disease, a pathogen, wiped out banana plantations in the 1890s. Nothing could preclude the spread of the virus. Instead of just infecting a single plant or field, the disease affected all crops everywhere. Sounds implausible? It already happened with bananas that were grown commercially as clones.
As bananas remain vulnerable, cyberhardening immunizes software from malware spread
So, what can be done to combat weaknesses that allow software and hardware vulnerabilities to be exploited? Add as much natural resistance as possible to the code and monitor it as closely as possible. These are already best practices in the financial industry, with code inspections, firewalls, Intrusion Prevention Systems (IPS), and endpoint security.
Unfortunately, the presence of the protections noted above has caused adversaries to evolve newer memory-based, fileless and compromised supply chain zero-day attacks that side-step them entirely. Examples of the volume, variety, and strength of these attacks abound:
- NotPetya supply chain attack – most devastating cyberattack in history
- NSA – “Adversaries increasingly turning to supply chain exploitation”
- Compromised supply chain attacks – 200% increase over last year
- Virtualization bugs skyrocketed – 275% increase over last year
- Fileless attacks – 10x more likely than traditional attacks over last year
What is the best way for companies to stay ahead of the evolution? RunSafe Security’s Alkemist™ RASP (Runtime App Self Protection) and MTD (Moving Target Defense) binary transformation is an agentless, easy-to-use and simple-to-deploy approach. It keeps financial systems up and running by preventing scaling zero-day attacks in existing or new environments. It works at the binary level, so it covers even third-party code – but doesn’t require access to any code. Most significantly, it makes all systems functionally identical, yet logically unique, and denies malware the uniformity required to replicate, thereby sidestepping the risk posed by cloned bananas.
Alkemist protects and diversifies financial systems’ DNA. Its proactive protection complements existing security approaches, reducing the costs and delays associated with reactive detection, alerting, SOC (Security Operations Center) triage, and expensive out-of-band patching. So, while your fruits and vegetables remain vulnerable, our technology ensures that your hardware and software don’t have to.
Originally this article was published here.
This article was written by Simon Hartley, the VP of Business Development at RunSafe Security, the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable systems and devices. Simon is an expert in cybersecurity, mobility and IoT with over 20 years of experience in enterprise software sales, marketing, and product management.