Banks’ Cyber Intelligence Assessment

  1. Adversaries — What adversaries are likely to target financial services organizations?
  2. Financial (Motivation) — What are the financial motivations for targeting banks or financial services organizations?
  3. Nation State (Motivation) — What nation-state agendas may result in the targeting of financial services organizations?
  4. Ideological (Motivation) — What are the political, social, economic and ideological motivations for targeting financial services organizations?
  5. Malware & Tools — What malware or tools are likely to be used to target financial services organizations?
  6. Tactics, Techniques, and Procedures (TTPs) — What TTPs are likely to be used to target financial services organizations? What tactics are used to gain initial access, dump credentials, move laterally and exfiltrate data against financial organizations?
  7. Services and Enablers — What external or associated support might adversaries leverage in their operations? (e.g. MaaS, Exploit Kits, Spam Service)
  8. Criminal Forum Activity — What financial fraud related activity can be observed on underground forums, markets, or messaging applications? What financial customer data can be observed on underground forums, markets, or messaging applications?
  9. Indicators — What infrastructure, resources, or indicators of compromise are associated with activity targeting financial organizations?
  10. Critical Business Data — What types of critical business data are adversaries likely to target at financial services organizations?
  11. Sensitive Data — What types of sensitive financial data, strategic business documents and personally identifiable information (PII) are targeted by adversaries?
  12. Critical Business Processes — What types of critical business processes (e.g. procurement processes, finance, IT, HR) are adversaries likely to target or exploit at financial services organizations?
  13. Critical Business Infrastructure — What common business infrastructure, OS and applications is the adversary likely to target or exploit at financial services organizations?
  14. Vulnerabilities — What vulnerabilities are being exploited to target organizations?
  15. Monetization — How are adversary operations monetized?
  16. Individuals — What are the cyber threats targeting the organization’s executives, employees and customers?
  17. Customer Financial Data — What are the cyber threats to customer financial account information?
  18. Loan Fraud — What fraudulent activity can be associated with loans and credit-related processes?
  19. Payment Cards (Debit/Credit) — What fraudulent activity can be associated with payment cards?
  20. Identity fraud — What tactics and techniques are adversaries using to conduct identity fraud?
  21. Account Takeover — What fraudulent activity can be associated with account takeover?
  22. Identity Theft — What fraudulent activity can be associated with individuals’ identities?
  23. Phone Number Porting/Hijacking — What fraudulent activity can be associated with phone number porting?
  24. ATM — What are the cyber threats to ATMs and their related networks?
  25. Geo-political events — How could geo-political events or initiatives impact organizations and their employees operating in various regions of the world?
  26. Data Exposure and Breaches — What data exposures and breaches have been observed for organizations in the financial services sector?
  27. Mobile Applications — What are the cyber threats to mobile bank applications?
  28. Point of Sale (PoS) — What are the cyber threats to Point of Sale systems?
  29. Technology Supply Chain — What are the cyber threats to the Technology Supply Chain?
  30. Insider Threats — How do you monitor insider threats?

Bank Security