Posted by: Benjamin Vitáris
October 18, 2015
The former MI5 Chief, Lord Evans, has suggested for banks to use the dark web for security reasons. There has been a massive hacker attack recently on several UK banks where the hackers used a malware called ”Dridex” and have successfully stolen tens of millions of pounds from client accounts. This attack has caused a big loss to UK banks and has lowered the reputation of the financial institutions. These happenings made the former MI5 director, who is now working as a non-executive director at HSBC, to suggest banks to use the darknet for preventing hacker attacks on financial institutions. However, Lord Evans has refused to mention if HSBC clients were involved in the recent Dridex attack.
In response to the IBTimes UK’s question, Lord Evans made a statement at the Good Exchange Cybersecurity Summit on 14 October:
“Those players in the industry who are at the leading edge are the ones who have really invested in their intelligence capabilities – both on their own networks and also in a much more forward-leaning approach to understanding what’s happening on hacker sites in terms of developing capabilities. That is something where I think there is still work to do.”
“Certainly giving yourself that forward awareness so that you’re not waiting to see what arrives, you are out there trying to find out what might arrive, I think is quite a game changer. But it does require quite a lot of maturity in your systems in order to do that and it can be quite difficult for some companies to do that.”
Dridex was discovered first by security researchers back in 2014, now it is a common malware used by hackers to hack bank accounts. They have managed to steal $31 millions from different UK bank accounts using Dridex. A joint FBI and NCA investigation have shown that the hackers have managed to infect tens of thousands of computers in around 27 countries using the malware. The Dridex hackers were both targeting big and small financial institutions.
Meanwhile, law enforcement authorities have successfully seized the Dridex botnet that has been spreading the malware, however, according to cybersecurity experts, the software still exists.
“Different banks have different levels of maturity on this,” Lord Evans said. “Those who are at the front of the pack, the area that they really made a big difference was through developing their threat awareness. I think threat awareness is the game changer here. The more you rely on just a great big firewall around your bank and hope for the best, the less likely you are, it seems to me, to get ahead of the threat.”
Several cybersecurity managers have shown their support to the former MI5 Chief’s statements. In an emailed comment to IBTimes UK, Richard Beck, head of cybersecurity at QA, made this statement: “The dark web is increasingly at the forefront of criminal innovation. Tapping into this hidden part of the Internet is the next chapter in the cat and mouse game of cybercrime being played out by the hackers and the IT security teams who continually try to catch them. Having an understanding of how the dark web works is the first step in being able to combat the illegal activities that go on there.”