Metro Bank Hacked

Uploaded on 2019-02-06 in FREE TO VIEW, BUSINESS-Services-Financial, NEWS-Cybersecurity News

UK’s Metro Bank has been attacked by a Signalling Systems Number 7 (SS7) cyber-attack and has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass SS7 attack. 

The attack, which was first discovered by Motherboard and involved hackers tracking phones remotely and intercepting messages to authorise payments from accounts. 

Other banks are understood to have also been affected by this attack and the UK National Security Centre says SS7 attacks are increasing in regularity.

The (SS7) protocol system is used by telecoms companies to coordinate how calls and texts are routed. Hackers were able to exploit flaws in SS7, a protocol used by telecoms companies to coordinate how they route calls and SMS messages around the world.

Ryan Gosling, head of partnerships and Telco at Callsign has told Retail Banker International that the hack on Metro is not surprising but there are some methods the banks should use for SS7.

 “There have been several documented cases of SS7 breaches in the past. But, due to the underlying historical weaknesses in the technology, it has been difficult to resolve the SS7 vulnerability.

“While some effort has been made by the network operators to address the problem, some SS7 messages just cannot be filtered at the network boundaries. There are some legitimate reasons to send cross-network messages e.g. to set up call roaming.

“Therefore, if hackers can infiltrate any SS7 network, they can send certain SS7 messages to their fraud target’s home network. These can be used to set up misdirection of banking verification codes.”

SS7 Attack and Possible Solutions
Gosling says the solution is three-fold. “Firstly, banks must adopt a strong and agile governance process in terms of authentication policies. They should also regularly review these policies. Thus they are fully up to date and can adjust their authentication methods as required to mitigate new threats.

“Secondly, they must employ a proactive cybersecurity research arm. In this way they can keep track of the new attacks being made on SS7 and other legacy protocols.

“The final, and most crucial means of combatting the security issues associated with SS7 is to use an intelligence engine to spot anomalous behaviour. All banks can do is gather together as many data points as possible. That is, device, call divert, SIM swap, and roaming statuses from MNOs and specialist services.

“As a result, they build up a picture of their customers. An integrated approach should correlate this data to provide a single view of the person undertaking the transaction and the environmental circumstances around that.

“A feedback loop to the intelligence engine to inform it about known fraud cases can also help it learn about bad behaviour.  And recognise that a fraudster is at work based on similar combinations of these data points in the future.”

A Metro Bank spokesman said that a "small number" of the bank's customers had been affected. She said: "At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.

“Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result. Customers should continue to remain vigilant and report any suspicious activity using the number on the back of their card or on our website.”

Metro Bank first reported the issue to authorities and apparently other businesses were affected by this cyber-attack, but they have not made public statements. 

Telegraph:          Verdict:

You Might Also Read:

Barclays Fights Off Cyber-Attacks Daily:

 

« Pentagon Cybersecurity is Falling Behind
The Biggest International Cybercime Offenders »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Mocana

Mocana

Mocana provides a software platform that allows you to develop, test and distribute more secure IoT devices and services.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

Security Innovation Network (SINET)

Security Innovation Network (SINET)

SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.

Prowler

Prowler

Prowler is at the forefront of the Open Cloud Security movement, championing a new era of transparency, customizability, and community-driven security for cloud environments.

TrueDeploy

TrueDeploy

Making Software Security EASY. The Security Status of Your Software in One Place. All you have to do is Deploy.

SECUREU

SECUREU

At SECUREU, we protect growing businesses against cyberattacks by proactively implementing best security practices, fixing existing security vulnerabilities, and increasing cyber awareness.