Security VARs come to aid of anxious Jersey banks

Jersey financial institutions urged to beef up security following cyberattack warning

Security VARs have been doling out advice to Jersey banks after they were warned to expect cyberattacks from an offshoot of hacking collective Anonymous.

The Jersey Financial Services Commission (JFSC) last week emailed 300 organisations on the UK dependency to warn them they might be targeted this month by a hacking group going by the name of #Opsbanksters.

The "hacktivists" in question are apparently in possession of a significant list of email addresses, host names and IP addresses they may use to launch an assault on banks on the island, which they have criticised in the past for being a tax haven.

David Lannin, security strategist at VAR Sapphire, said his account managers received calls from several worried Jersey banking clients last week.

Similar attacks in the past have tended to draw heavily on existing, rather than zero-day attacks, meaning those who are not up to date with the latest security patches and antivirus detection will be most susceptible, Lannin (pictured below) warned.

He expects the hackers to strike as early as this week, but argued there is no need for banks to panic.

"This isn't anything new, as any one of those organisations could be susceptible to these attacks at any time," he said. "But there is a need to validate that the existing security technologies and processes they have in place are able to protect them against these types of attack."

Zero-day attacks would be more of a cause for concern, Lannin said.

"Not opening attachments from a sender you don't know is sound advice," he said. "They might also want to consider extending the virus outbreak filter time setting on their email security gateways to give themselves a better chance of picking up a new virus."

The JFSC itself has recommended a range of preventative measures be taken, including:

• Ensuring that all antivirus software is up to date
• Ensuring that all firewalls and edge security devices are patched up to date
• Notifying data network service providers that you anticipate DDoS incidents as they may be able to deploy upstream technologies to mitigate any impact on your services.
• Reviewing cybersecurity guidelines issued by CESG