Dozens of US banks have been hit by a ransomware attack that compromised a major tech provider, leading to the loss of significant amounts of secure data.
Most people assume that their bank controls all of the technology which secures their accounts, but this is rarely the case. Data management and regulatory tools, for example, are highly complex systems and processes, so this is where the banks have to turn to the professionals. Unfortunately, for the customers of over 70 US banks, one of these companies – Marquis Software Solutions – was recently the target of a ransomware attack. You may not have heard of Marquis, but they work with hundreds of US financial institutions. And this is why the fallout of this hack was so widespread.
Data security, particularly when it relates to your hard-earned wages and savings, should always be handled correctly, so it’s worth examining what went wrong here.
Understanding the Behind-the-Scenes Attack
If you’ve ever spent any time on the Ophtek blog, you’ll understand the importance of strong network security. Central to this is preventing vulnerabilities from being exploited, and this is exactly where Marquis dropped the ball. Naturally, Marquis had plenty of security in place, but a flaw in the SonicWall firewall enabled attackers to gain access. Once in, the attackers were able to access Marquis’ internal systems. This allowed them to quietly scan through files and harvest sensitive information.
The information in their crosshairs hasn’t been confirmed, but it’s likely to have included personal data such as names, addresses, account details, and government-issued identification numbers. Marquis may have been able to count themselves lucky if the attack ended here, but the hackers wanted to push things a little further. Once this sensitive data had been stolen, the attackers launched the second part of their attack: ransomware.
Ransomware attacks can have severe consequences and, for Marquis, this meant their day was going from bad to worse. So, what did this ransomware do? Well, it followed the usual tactic of locking crucial parts of Marquis’ systems. Marquis could have gotten these unlocked, but this would have involved paying a hefty ransom fee. And if it wasn’t paid? The hackers would also release the stolen data online.
With up to 400,000 customers’ personal data at risk, this was a nightmare for Marquis. An initial update from Community 1st Credit Union suggested Marquis had paid the ransom fee, but any evidence of this has since been deleted. Nonetheless, it’s intriguing that, despite its clear value, none of the harvested data has been released yet.
Final Thoughts
What’s particularly troubling about this attack is that the victims at the heart of it had no direct connection to Marquis. Their data was shared as part of their bank’s normal operations, with virtually no transparency into where it was stored or how it was protected.
It may feel as though you have no direct control over how your financial data is handled, but Ophtek can offer you some strong advice for keeping it safe:
- Regularly monitor bank and credit reports for unusual activity, e.g. unexpected withdrawals, sudden changes in your credit rating, and transfers to unknown recipients.
- Always use strong, unique passwords and enable extra login security such as biometric and multi-factor authentication.
- Be highly suspicious of unexpected emails purporting to be from your bank, or any financial institution, asking for personal details such as account numbers or passwords.
For more ways to secure and optimize your business technology, contact your local IT professionals.





