Keren Elazari: credit unions ‘need to build their own digital immune system’

One of the most common cyber crimes is ransomware

The 2022 World Credit Union Conference, currently taking place in Glasgow, is exploring some of the key issues around cybersecurity faced by credit unions.

Delegates heard from Keren Elazari – security analyst, author and researcher – who provided a glimpse into the future of cyber security from a friendly hacker’s perspective.

“We all need to take responsibility for our security,” she told attendees, adding that Covid-19 had not slowed down cybersecurity.

One of the most common cyber crimes is ransomware, which involves infecting devices with a digital virus and requesting a ransom in exchange for the antidote. The hackers use different ways to infect, including sending phishing emails asking people to open a file, using passwords as a result of previous hacks and breaches, and targeting remote desktop tools like VPNs.

Another strategy used is to ask users to enable editing of Word documents or Excel files.

A well-known group of hackers is Conti, which operates in the same way as major IT companies. Recently targeted organisations included the Government of Costa Rica and Ireland’s Health Services Executives.

Like regular viruses, ransom viruses have different variants.

Some groups of hackers also provide ransomware as a service with masters taking home 20% of ransoms the affiliates are able to collect. In August 2021 Envision Credit Union was hit by such a ransomware attack by LockBit.

Attackers are also always looking to recruit new collaborators – when infecting they also include information on how to contact them to work with them.

“The expanding digital universe leads to more opportunities for hackers,” said Elazari. However, there are tools that credit unions can use to prevent such attacks, such as Shodan, a search engine that can identity liable connected devices and Haveibeenpawned.com which allows people to check whether their usernames and passwords have been leaked.

Using a two-factor authentication makes using passwords safer as does using unique, longer passwords rather than recycling old ones. Other useful actions include installing application updates and operating system updates or using Mocrosoft’s Defender for Endpoint security solution.

Related: Ian Khan shares tips on how to become a ‘future-ready’ credit union

Independent security researchers can also help credit unions understand vulnerabilities and hacker behaviour, said Elazari, adding that there are 1 million friendly hackers aged under 30 in the world.

She described how Tesla and the Pentagon are among the most well known organisations who actively work with hackers to improve their cybersecurity. In 2016 the Pentagon launched the Hack the Pentagon programme with the aim of using hackers to identify cracks in the system. The total time it took to receive the first vulnerability report once the programme was launched was 13 minutes.

“Now is the time to adapt and evolve, build your own digital immune system, not to keep calm and carry on,” concluded Elazari.

Read more Co-op News reports from the 2022 World Credit Union Conference here.