Authored article by Saravana Dorairaj, Country Manager, Infoblox India
The banking sector has beenrapidly embracing latest technology while the demanding population is getting tunedto mobility and connectivity; this scenario has compelled Indiato quickly adapt digital transformation of financial business practices.
The Reserve Bank of India (RBI)—which prescribes broad parameters for banking operations in order to maintain public confidence in India’s financial system, protect depositors’ interest, and provide cost-effective banking services to the public—is a key motivator in modernizing banking operations, and guided by its recommendations, individual banks and credit unions are employing technology to enhanceoperations. Security initiatives are a key part of this effort—perhaps the most important part— because of the rapidly growing and evolving threat landscape.
Indian Banking Industry
26 public-sector banks, 25 private-sector banks, 43 foreign banks, 56 regional rural banks, 1,589 urban cooperative banks, and 93,550 rural cooperative banks in addition to cooperative credit institutions comprise the Indian Banking landscape.
Public-sector banks control nearly 80 percent of the market. Currently these banks are leveraging technology to encourage their customers to manage their finances using mobile phones and Internet-based systems. This is part of a technology evolution that started were started after the Reserve Bank of India (RBI) issued a mandate to implement core banking applications to enhance operations at branch levels. These helped banks to begin new innings in the field of technology innovations by building networks across India, data centers, applications, data repositories, and many key security initiatives. Coupled with the economic advancement of the middle class in India and the significant increase in the number of younger consumers, the building of multiple delivery channels to serve customers is becoming realty— Internet-based and mobile applications are driving customer satisfaction and stickiness.
Several specific technology trends are affecting customer behavior in India in ways that increaseopportunity for financial institutions and at the same time increase the challenges associated with network security.
Internet Penetration Is Increasing
New Internet users are growing more than 50 million year on year, on the flip side, there is only 26 percent penetration so far. Having said that, there is a rapid growth in this too thanks to mobile Internet, broadband, and Wi-Fi rollouts. The number of mobile Internet users in India had reached 371 million by June2016, and is on track to cross 500 million users by next year and to double to 730 million by 2020, leaving the United States far behind.
Digital Transactions Are on the Rise
Indian consumers have started extensively using cashless transactions for day-to-day purchases such as movie ticketing, cab booking, air/rail ticketing, holidays, groceries, e-commerce, etc.
Each of these applications promotes increased online usage of mobile wallets, credit cards, and debit cards. Implementations of one-time password, Aadhar-linked transactions, SMS alerts, and the streamlining of Internet-driven processes for banking have built confidence in users to adopt technology-driven channels over legacy channels dependent on branch operations.
Digital channels are also helping banks to streamline redundant operations to reduce costs and deliver contextual and personalised banking to customers using analytics.
Innovation in the Payment Industry Is Driving Customer Behavior
With the proliferation of mobile-based services and the reducing median price of smartphones, the payment industry is on an exponential growth trajectory, further aided by policy, frameworks, and guidelines being formalized by the regulator. Innovative and disruptive solutions have made this volume-intensive and low-margin industry a lucrative one.
From October 2015 to October 2016 cashless payments have grown by 22 percent and India’s financial industry has witnessed 175 percent growth in mobile transactions during the same period. The Unified Payments Interface (UPI) that powers multiple bank accounts into a single mobile application (of any participating bank), merging several banking features, seamless fund routing, and merchant payments into one hood. It also caters to the peer-to-peer collect request, which can be scheduled and paid as per requirement and convenience. UPI alone has surged to 1.4 million transactions worth INR 480 crore by December 2016.
Digital payments in India are estimated to grow at steady rate to 500 billion USD by 2020 from the current size of 50 billion. With digital initiatives underway by state and central governments, it is expected that 59 percent of all transactions will go digital by 2025.
Cybersecurity Challenges and Incidents
The same technological advances and consumer trends that are transforming financial industry business practices in India are also creating new threat vectors and vulnerabilities for bank networks.
Infrastructure Outages: Distributed Denial of Service (DNS)
Distributed-denial-of-service (DDoS) attacks affecting multiple major organizations in the recent times have become increasingly common and are hampering functioning of critical infrastructure in many countries. In 2016, large enterprises and service providers worldwide experienced bandwidth saturation under DDoS attack. Many of these incorporate Internet of Things (IoT) devices to overwhelm target networks.
Analysis and visibility of DDoS attacks remains a daunting task, being largely dependent on real-time traffic analysis and reports or logs from security infrastructure. In 2017, 800-Gbps DDoS attacks were reported—60 percent higher than the 500-Gbps attack that was the largest reported in 2015.
DNS is the most common service being targeted by using amplification- and reflection-based attacks according to Arbor’s Worldwide Infrastructure Security Report, Vol XII. Cisco’s Security 2017 report states that DNS security and DDoS mitigation are a few of the technologies which are the most time-consuming and difficult technologies to manage.
Primarily, DNS is being targeted for the following reasons:
• DNS is the cornerstone of the Internet, used by all the leading banks/financial institutions for internal and external application.
• DNS, being a stateless protocol, can be easily spoofed and redirected for malicious intent. • The DNS protocol is easy to exploit. A legitimate DNS query to the Internet can amplify a response by a factor of 93, which can bottleneck Internet infrastructure. • Many banking infrastructures provide little or no visibility of inbound and outbound traffic.
A few indicators of an increasein DDoS incidents in India during 2016 comprise internet service providers hit by a DDoS attack in July in Mumbai. Further, a report from security vendor Symantec, which studied DDoS attack patterns across 50 different countriesfound that 26 percent of all DDoS attack traffic in the world originated in India. According to a Q2’16 Akamai report, India is among the top 10 source countries. A March 2016 F-Secure Threat Round up Report stated that India emerged as the fifth highest country witnessing infections via DNS hijacks in 2015.
DDoS attacks are not, of course, limited to India. On October 22 of 2016, cybercriminals seized control of a Brazilian Bank for five hours, compromising 36 of the bank’s domains, including its internal email and FTP servers, and captured electronic transactions. Kaspersky Lab’s research and analysis team in Latin America says the attackers were able to pull off the heist by compromising the bank’s DNS provider Registro.br and gaining administrative control of the bank’s DNS account.
Also Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property.
According to a 2017 Ixia security report, there has been an almost 100 percent rise in data breaches from end-user devices, with 67 percent of the breaches taking days to detect. As the emphasis in 2016 on hardening infrastructure increased, attacks against servers, hardened terminals, and the network itself trended down, as expected. Servers remain the top attack vector per Verizon’s Data Breach Investigations Report findings, but have been on the decline for several years. The human element, however, from shadow cloud SaaS usage to casual use of laptop or smartphone devices not managed 24/7 by IT, continues to rise.
The security, integrity, and reliability of Internet commerce and communication depend on underlying DNS services. Advanced targeted attacks often focus on DNS services either directly or as part of a broader attack campaign.
DNS services can also present vulnerabilities that enable data-exfiltration attacks to succeed. Methods to exploit these vulnerabilities have been demonstrated as far back as 2007, and in recent years, they have been used in several real-world breaches. The DNS protocol uses stateless messaging for a DNS client to submit queries to an external server and receive external replies from that server. These queries and replies can contain up to 512 octets of data, and no message-level security is enforced in standard DNS services. This combination provides an easyto- exploit path whereby attacks can subvert DNS services for both malware updating and data exfiltration. While traditional DLP solutions focus on other protocols, they have limited visibility into DNS conversations and hence are ineffective in detecting DNS based data exfiltration.
The solution to protect sensitive sector like the financial one lies in providing core network services, automates cloud deployments, and increased reliability of enterprise and service provider networks around the world. Providing infrastructure protection would include protection for Domain Name System (DNS), secures data thus help mitigate the spread of malware, and eases security operations through ecosystem integrations.