Cybercriminals do it for the money. Okay, maybe not all of them but most of them do. In fact, according to the Verizon DBIR, 71% are financially motivated. That was 2019. Fast forward to now, and we see that the 2022 Verizon DBIR notes that 95% of the attacks on Financial and Insurance related organizations were motivated by the promise of easy money.
Why Do Hackers Target Financial Institutions?
Well, hackers don’t (waves at our pentester and ethical hacking friends 👋), but cybercriminals overwhelmingly do. Primarily, they target these organizations because any information they can steal, they can sell on the dark web. Financial services organizations collect massive volumes of sensitive information such as driver’s license numbers, social security numbers, and addresses, along with storing financial information about their customers’ accounts. All of these are high-value targets for attackers, who can use them to commit fraud, identity theft, or simply steal assets directly.
For financial organizations that deal with loan applications, like banks and credit unions, this problem is amplified as the loan process requires submission and validation of every aspect of an applicant’s financial life – usually in the form of a file. These applications include job history validation, proof of earnings, evidence of financial assets in other institutions, and much more. With approximately 23.3 million home loan applications in the US alone, which is only a fraction of overall loans written, cybercriminals have plenty of incentives to target applications.
They aim to get their hands on financial institutions’ data by directly targeting the application process. By embedding hidden threats in files in submitted applications, they hope to have their code launched, infecting internal systems, stealing data, and opening back doors, allowing them access to all this sensitive information. In this blog, we explore the challenges with loan applications and discover ways in which to mitigate hidden threats in the application process.
Assumed Safe? Hidden Threats in Safe Places
Companies have long assumed that a subset of files is perfectly safe to use and distribute throughout the organization. These files are shared widely through email, collaboration tools, and shared storage with little regard for threats that may lurk inside them. Triggering their hidden content is as simple as opening the file to view it, which is necessary for lenders to review loan applications. This leads to the conundrum of ensuring employees and the company remain safe while allowing workers to do the critical work of processing loan applications quickly.
Documents and Images
Documents and images have long been considered safe file types, but cybercriminals have exploited them to deliver malicious code. Malicious content is frequently delivered through corrupt PDFs, malicious document macros, and malware embedded in images (also called image steganography). These file types have often been considered the de facto standard of “safe” content for companies, but they instead serve as vectors for cybercriminals to push toxic code.
This challenge is particularly concerning for loan applications, as these files comprise most of the evidence applicants submit, including financial documents, employment records, and asset ownership. All of this evidence is necessary for the proper assessment and underwriting of a loan, but it comes from external sources – anyone attempting to qualify for a loan, any of whom could be unwittingly using a malware-infected endpoint or traversing an insecure network, like a public network at a coffee shop.
Detection is Not Enough
Detection is often used in combatting malware threats in files. The challenge with detection is that it often relies on malware having been seen previously and logged into a centralized database. Researchers may have captured malware, discovered it sold on the dark web, or acquired it from user reports when a program misbehaves. When detected, AV companies create signature files to identify the malware again in the future.
There is a time lag between when malware emerges in the wild and when it is detected. Part of this lag comes from cybercriminals continually updating existing malware and using different obfuscation techniques, making it harder to detect. In addition, criminals are constantly creating new strains of malware that have never been seen before and may exploit a novel vulnerability (such as Follina). Until vendors patch these vulnerabilities or the malware is detected, these Zero Day threats wreak havoc unhindered. Relying only on detection capabilities leaves a window of attack for every new or modified strain of malware released.
Protecting Loan Applications in the Cloud
For financial companies accepting loan applications, the process may range from something as simple as an upload button on a webpage to a complex cloud-hosted automated process that walks applicants through every application step, intelligently collecting the correct information along the way.
No matter the process, they all take in submitted evidence from applicants, which eventually ends up being stored by the organization in some capacity. Software collecting the information could email underwriters or place data in a cloud-based storage repository to review at a later time.
Malicious content that comes in as part of a submission sits idly until a time-limit is reached, or it is opened by an employee. At this point, the toxic content activates, launching the destructive code on systems behind security perimeters. Systems become infected and malicious code can spread across interconnected endpoints and storage, amplifying the damage.
Defending the Pipeline
The only appropriate way to prevent this damage is to eliminate the threats as they come into the organization. Integrating file sanitization into the submission/storage process removes the threat posed by new files. Whether loan applications arrive via emailed documents or through a file-upload application, when file sanitization is integrated into the loan application pipeline and happens automatically, there is no risk of forgetting security steps or adding additional load on employees. It ensures that everything passing through the perimeter is safe.
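The gap described under “Detection is Not Enough” and the intake step described above, as an added Python example (not code from the original article or from Votiro): a hash-signature lookup misses a slightly modified copy of a known file, while a structural check at the upload step still holds it for review. The sample files, function names and key list are all constructed for illustration.

```python
import hashlib
import io
import zipfile

# Constructed samples: a minimal PDF-like file with an auto-run action,
# the same file with a padding comment added, and a PDF with no actions.
KNOWN_SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /OpenAction << /S /JavaScript "
                b"/JS (placeholder) >> >>\nendobj\n%%EOF\n")
MODIFIED_SAMPLE = KNOWN_SAMPLE.replace(b"%%EOF", b"% pad\n%%EOF")
CLEAN_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

# Signature database as the text describes it: hashes of samples seen before.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
# PDF dictionary keys that make a document do something when opened.
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")

def signature_match(data):
    """True only if this exact byte sequence was catalogued earlier."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def active_content(data):
    """Return the active-content features found in an uploaded file."""
    if data.startswith(b"%PDF-"):
        return [k.decode() for k in PDF_ACTIVE_KEYS if k in data]
    if data.startswith(b"PK"):  # OOXML (docx/xlsx) is a ZIP container
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return [n for n in z.namelist()
                        if n.lower().endswith("vbaproject.bin")]
        except zipfile.BadZipFile:
            return ["unreadable-zip"]
    return []

def intake_decision(data):
    """Upload-pipeline gate: reject known files, hold anything active."""
    if signature_match(data):
        return "reject"
    if active_content(data):
        return "quarantine"
    return "store"

def make_docx(with_macro):
    """Build a constructed OOXML-style ZIP, optionally with a macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

The byte search does not see keys inside compressed PDF object streams, so a gate like this narrows the window but does not replace the sanitization step the article describes.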
Financial institutions must maintain compliance and store application documentation well beyond approval or rejection. Organizations that have merged or acquired other organizations also adopt the storage archives of the companies they now possess. Threats hidden in files in their stores are not benign. Anytime they are accessed or opened, such as for audits and reviews, their hidden code can launch.
Votiro Seamlessly Defends the Process
Votiro helps financial organizations secure their loan application process by baking security into the ingestion and storage process. Rather than requiring complex configuration changes and reprogramming of applications, Votiro’s API seamlessly integrates into existing solutions, allowing organizations to onboard in a matter of minutes rather than weeks or hours. Once in place, Votiro’s Content Disarm & Reconstruction technology sanitizes all content and unstructured data as it flows into your data stores or email inboxes, eliminating any need for user interaction to maintain security. As the process of file sanitization and recursive analysis occurs, Votiro also feeds valuable data gleaned from the process to your SIEM.
Votiro also sanitizes large volumes of information rapidly for existing data stores, eliminating hidden threats accumulated over the years or from M&A efforts. By removing threats from incoming applications and existing data stores, Votiro creates a holistically secure application and review process.
Contact us today to learn more about how Votiro eliminates hidden threats in your loan application process.