/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/post_banners/wp-content/uploads/2015/07/cyberattack_1805164b.jpg)
NEw DELHI: British Telecom (BT) has launched 'BT Assure Ethical Hacking for Finance', a new security service designed to test the exposure of financial services organisations to cyber attacks.
The new Assure ‘Ethical Hacking for Finance’ will enable BT to use CREST ( www.crest-approved.org) certified Simulated Targeted Attack and Response (STAR) services to help financial services firms to develop their security solutions, ensuring sensitive customer data remains secure.
Assure Ethical Hacking for Finance uses mature methodologies that mimic those of black hats or malicious attackers to provide a range of tests targeted at the various entry points to a bank’s IT systems as well as perceived 'weak points' of an organisation.
BT's ethical hackers have been able to perform database dumps of tens of thousands of social security and credit card numbers; intercept and modify mobile cheque deposit data; reverse engineer proprietary encryption streams; generate enormous, valid gift cards with payment details from other test accounts; create admin accounts by having an employee simply open an email; escape remote access sessions and get shell access to systems, including subsequent establishment of tunnels into the company; transfer funds between unauthorized test accounts or harvest complete account data for all users by attacking machine-to-machine communications, a release said.
Mark Hughes, President of BT Security, said: “The prospect of accessing confidential financial information is a powerful lure for hackers so few companies attract as much online criminal attention as banks. Apart from direct financial loss, a serious hack could lead to irreparable reputational damage. While much of the concern focuses on retail-banking activities, the threat is just as important for investment banks or for wholesale, where banks provide services like currency conversion and large trade transactions for major corporate customers.
We encourage all financial institutions to put themselves through a rigorous series of cyber-security simulations, whereby our ethical hacking consultants push the cyber defences of financial institutions to the limit.”