Think perimeter security is enough? Think again…

Most of the data breaches you hear about these days are assessed from the server side. Take a recent incident in the financial services industry—a serious malware attack on the Polish banking sector that was tied to a campaign targeting organizations in more than 30 countries.

In this case, a web application was infected with malicious code that spread from workstation to workstation. The malware was injected on the server side and then spread to clients using JavaScript embedded in the website.

The truth is, this type of attack is the easiest to prevent. Safeguards I use for my personal blog site are sufficient to keep a similar attack from happening to me. You just need secure remote access (SSH with two-factor authentication) and an effective firewall.

But now that PSD2 is being forced upon the financial services industry, JavaScript and APIs that execute outside the firewall (open APIs) will become the norm, providing access to extremely sensitive data to any number of third parties. How vulnerable will that make all of our bank accounts?

Every flood starts with a drop of water

Currently, most financial services providers don’t pay much attention to breaches that occur outside the firewall. They are often seen as too small to raise alarm or indistinguishable from “user error,” such as a teller counting out one too many £10s in a retail branch.

However, lots of little “user errors” – $10 in New York, €10 in Amsterdam, £10 in London – across hundreds of days and dozens of cities, can add up to a significant amount of revenue for a thief, without the bank even noticing it was stolen.
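To make that point concrete, here is an added example (not from the original post) of the kind of aggregation a bank could run over its own ledger to surface such a pattern: each overage is small enough to pass as a miscount on its own, and only grouping by beneficiary across days and cities reveals the drain. The ledger entries, account ids and thresholds are constructed, and amounts are assumed to be normalised to a single currency unit.

```python
"""Flag beneficiaries that repeatedly receive small overages across many locations."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    day: str          # posting date, YYYY-MM-DD
    city: str         # branch or channel location
    beneficiary: str  # destination account id (constructed)
    expected: float   # amount the customer authorised
    posted: float     # amount actually posted


# Constructed sample ledger: ACC-777 quietly collects a 10-unit overage per day.
LEDGER = [
    Transfer("2017-03-01", "New York", "ACC-777", 250.00, 260.00),
    Transfer("2017-03-01", "London", "ACC-123", 90.00, 90.00),
    Transfer("2017-03-02", "Amsterdam", "ACC-777", 400.00, 410.00),
    Transfer("2017-03-03", "London", "ACC-777", 120.00, 130.00),
    Transfer("2017-03-03", "London", "ACC-555", 100.00, 95.00),  # one-off refund, not an overage
    Transfer("2017-03-04", "New York", "ACC-777", 75.00, 85.00),
]


def suspicious_beneficiaries(ledger, max_delta=25.0, min_events=3, min_cities=2):
    """Return {beneficiary: (total_excess, event_count, cities)} for accounts that
    receive at least min_events small positive overages (each <= max_delta, so each
    looks like a teller miscount in isolation) from at least min_cities locations."""
    excess = defaultdict(float)
    events = defaultdict(int)
    cities = defaultdict(set)
    for t in ledger:
        delta = round(t.posted - t.expected, 2)
        if 0 < delta <= max_delta:  # only small, positive diversions count
            excess[t.beneficiary] += delta
            events[t.beneficiary] += 1
            cities[t.beneficiary].add(t.city)
    return {
        b: (round(excess[b], 2), events[b], sorted(cities[b]))
        for b in excess
        if events[b] >= min_events and len(cities[b]) >= min_cities
    }


if __name__ == "__main__":
    for b, (total, n, where) in suspicious_beneficiaries(LEDGER).items():
        print(f"{b}: {n} small overages totalling {total} across {', '.join(where)}")
```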

In cyber terms, there are many ways in which $10, €10, or £10 could end up in the wrong account. One way is a TLS/SSL MitM (man-in-the-middle) attack. TLS and SSL form the cryptographic foundation of the internet. However, in the last few years they have been repeatedly broken by researchers and hackers, and once the encryption is broken, an MitM attack can be perpetrated.

MitM: what you don’t know can hurt you

MitM is a type of cyber attack in which a malicious actor inserts themselves into an interaction between two parties, impersonates each party to the other, and gains access to the information the two parties were trying to send each other. Any kind of information can be stolen.

There are a number of other ways an MitM attack can be perpetrated. As each theft is tiny, it is very hard to tell it has even occurred. Not a lot of analysis has been done regarding the frequency or impact of these types of attacks, never mind how to protect against them. This lack of understanding will leave the industry open to increasing cases of cyber fraud.

One thing is certain, however: deploying technologies that harden applications beyond the firewall will become increasingly important for providers who hope to stay secure as PSD2 comes into effect.