SpyCloud: Ex-FBI Agent Reveals Hidden Strategies of Cyberworld

In an interview with FinTech Magazine, Trevor Hilligoss, the Vice President of SpyCloud Labs, and a former FBI agent, identified common cyber threats and advised strategies for financial sector leaders. Key points of the conversation included:

– Cybercriminals increasingly adopting the tactic of session hijacking using infostealers; this lets them bypass conventional defences and pose as lawful employees or customers.
– Financial organizations need to enforce stringent authentication policies, reassess access procedures with staff changes, and introduce clear protocols for device use.
– Cookie duration must be limited, where possible, in the authentication phase to mitigate the risk of an info-stealer attack.
– An absolute defense strategy against malware and session hijacking demands a comprehensive approach to remediate the stolen data before criminals can exploit it.

Reportedly, identity-driven assaults using stolen usernames and passwords, also known as account takeover (ATO), are the most prevalent strategies for cybercriminals attacking financial institutions. In 2022, SpyCloud recovered over 3.6 million exposed credentials (username/email and password) associated with the fintech sector.

However, the emergence of malware has allowed cybercriminals to evolve their methods. Session hijacking, which uses info-stealing malware to extract high-quality data such as session cookies from infected employee browsers, is a rapid growing attack technique. This data is being used by criminals to pose as legitimate users, thereby circumventing controls deployed to block malicious access.

To confront ATO and other cyber attacks, Hilligoss recommended that financial organizations enforce tough authentication policies with non-SMS or email-based Single-Sign-On (SSO) whenever possible. It’s also critical to regularly monitor and update access procedures and protocols when employees change roles or exit the company. Clear protocols for the proper use of business and personal devices need to be established and adhered to.

However, protection against malware and session hijacking requires a symbiotic strategy, as changing a password after a malware attack does not necessarily invalidate active user sessions or trusted device tokens. Therefore, a broad malware infection remediation strategy is required.

Hilligoss argued that any firm managing personal information for its users must use a comprehensive cyber-defense strategy, featuring controls for the various access methods available in its environment.