wordpress blog stats
Connect with us

Hi, what are you looking for?

Exclusive: Indian bank wants to acquire Deception solution to thwart cyber attacks

Amid rising cyberattacks, a bank in India seeks collaborative decoys as a way to trick attackers.

You are reading it here first: A bank in India is looking to acquire a ‘deception’ infrastructure that will act as a fail-safe in case hackers try to access its valuable information. Telecommunication Consultants of India (TCIL) has floated the tender for an unnamed bank and the solution will be installed in its data centre. TCIL, in the tender, said that the deception solution should be able to provide decoy firewalls, decoy web application firewalls (WAF), decoy demilitarised zone (DMZ), and so on. According to SearchSecurity, computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks.

The tender said that the deception solution should support 4 stages of attack:

  • Before the attack: Pre-emption. The deception solution should have the ability to monitor an organisation’s attack surface.
  • During the attack: Detection. The solution should be able to create and deploy authentic deceptions across all endpoints.
  • After the attack: Response. The solution should collect forensic intelligence and the context needed to understand and act on an incident.
  • Stop the attacker movement: Mitigation. For this stage, the tender said that the solution should be able to integrate into the existing security ecosystem and that it should provide in-depth logs to help Security Operations Center mitigate cyber security risks.

How would it work?

The decoys should be scientifically placed in multiple subnets, so the hackers will encounter them in the process of trying to find valuable information. When the hackers try to access the decoys, a silent alert should be raised, and full forensics related to the attack should be collected. Decoy should be able to capture details such as attack vector used, attack methodology, tools used for attack, source of the attack, etc — TCIL tender (emphasis ours)

There has been an increase in bank-specific cyber attacks recently. According to a Financial Express report, Kaspersky Antivirus discovered that increased online payments have paralleled the rise of banking Trojans in the Asia Pacific region. In fact, recently the National Bank of Pakistan reported a cyber security-related incident but informed that no financial loss or data breach has been observed.

A look into what the Deception solution should be able to do

TCIL has given a wide range of requirements that the bidder has to comply with. The solution should create software that acts as a decoy for various banking components such as —

  • Servers
  • Desktops
  • Files
  • User accounts
  • NEFT/RTGS/IMPS
  • Internet banking
  • Mobile banking
  • Loan
  • ATM switch
  • Browsers
  • Share drives
  • Emails
  • Windows credentials
  • Cloud
  • Network devices
  • IoT devices

When cyber attackers target these above-mentioned components of the banking infrastructure, the solution should be able to identify —

  • Attack signature
  • IP info like geolocation, reputation
  • Behaviour patterns
  • Networking scanning attempts
  • Web application vulnerability exploitation
  • Operating system scan

Apart from that, the solution should also create “file decoys”  which when accessed, would trigger alerts silently. “The solution should have ability to trigger alarm if unknown/suspicious/malicious type of files are created/dropped/loaded on the decoys by the attacker,” it said. All these activities have to take place in a sandboxed environment setup virtually so that the real infrastructure does not get affected.

Required solution should cover entire Mitre Att&k framework

The solution should cover and identify the entire Cyber kill chain stages / MITRE ATTACK framework mapping from recon – lateral movement – exfiltration. Also it should replay attacks as they happen to check what is working and what is not (sic) — TCIL tender

Mitre Att&k, is a set of techniques used by adversaries to accomplish a specific objective, according to a blog by McAfee. Those objectives are categorised as tactics in the ATT&CK Matrix, the blog read. The objectives are presented linearly from the point of reconnaissance to the final goal of exfiltration or “impact”, it added.

Advertisement. Scroll to continue reading.

Additionally, the tender made mention of specific cybersecurity threats that target the banking sector, which include —

  • CobaltStrike: Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors”.
  • Empire: Empire is an open source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub.
  • SilentTrinity: Another open source cyber attack framework available on GitHub, SilentTrinity is described as a “modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR”.

System should not be open source: Tender

TCIL said that the bank which has floated the requirement for the tender has said that the base operating system of the solution should not be free open-source software. “But should be hardened enterprise edition (be it Windows or Unix). The bidder has to ensure patches/updates are timely installed and no end of support is there,” it said.

Apart from that, the bidder is required to —

  • Provide centralised management and real-time monitoring console with dashboard and role-based admin/read-only access
  • Impart training to bank personnel or security operations center on the product architecture, functionality, and solution design
  • Ensure hardware sizing such that CPU memory utilisation does not exceed 70%, storage space utilisation does not exceed 80%.

RBI’s Cybersecurity Framework 2016 highlights need for ‘deception’

Deception solutions also known as Honeypot services find a mention in the Reserve Bank of India’s Cyber Security Framework in Banks. RBI said that Honeypot is among the many other features that banks need to put in place as part of the Cyber Security Operations Center. Others include —

  • Methods to identify the root cause of attacks, classify them into identified categories, and come out with solutions to contain further attacks of similar types
  • Incident investigation, forensics, and deep packet analysis
  • Dynamic behaviour analysis
  • Analytics with a good dashboard

Cyber Security Operations Center | Source ReBIT

Also read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.

News

Find out how people’s health data is understood to have value and who can benefit from that value.

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ