Stories from the field
Michael Haag Brian Donohue Rick McElroy

Upended Overnight: Facing Threats to Banking and Finance

Banking and financial organizations have a unique perspective on the cybersecurity landscape. Not only is the industry a bellwether for emerging threats, but it also has deep visibility into the machines and networks it protects.

As the global pandemic has forced most employers to embrace a work-from-home model, security teams at banks face a particularly daunting challenge. We invite you to join us for a discussion about the state of security in finance. Using Red Canary’s Threat Detection Report and VMware® Carbon Black’s latest findings as a basis for the conversation, we’ll offer unique insights into the top attacker techniques that targeted endpoints across financial institutions in 2019—as well as what the future might look like for your team.

  • Get unique insights into the top attacker techniques that targeted endpoints across financial institutions in 2019
  • Learn how mandatory remote policies are shifting the threat landscape for Finance and Banking
  • Explore the changes to the threat landscape as adversaries adapt to decentralized networks
  • Consider the importance of endpoint and identity-centric security controls

02:15 Panelist Introduction

04:30 Webinar Agenda

05:30 The Past: The 2019 Landscape

05:42 The 2019 Threats to Finance

06:42 “PowerShell is still widely used out there in the wild. We’re seeing more and more credential dumping with the widespread use of tools like MIMIKATZ.” -Michael

07:39 Defense Evasion

07:58 “What we’ve observed from 2018 into 2019 is that the categories of malware are starting to break down.” -Rick

09:17 Ransomware Resurgence

09:55 “You have to look at two categories: stopping credential harvesting and stopping lateral movement.” -Rick

10:14 Wipers

11:22 “Having tools that actually concentrate on those types of behaviors is great for our environment.” -Carlos

11:52 The Present: Operations in March and April

12:20 People

16:32 “We began to see, and we are still seeing, the COVID-related attacks happening. So you’re starting to see email-based attacks or COVID-related emails coming inbound.” -Michael 

17:00 “If attackers have a day job, or this is their day job, they now have more time to focus on their activities.” -Michael 

18:09 “One of the things that we build our security programs on is adaptability. We want to adapt to the environment, we want to adapt to business strategies, and we want to adapt to things going on.” -Carlos

19:30 Processes

23:02 “Keep an eye on the future and start to design your solutions for a world that’s going to be like this. Because I don’t see us going back.” -Rick

25:32 Technology

26:45 “We were used to looking at the perimeter and interest points, and now interest points are all over the place.” -Carlos

28:22 “Endpoint protection and endpoint controls become the new normal and become the actual focus of what used to be done.” -Carlos 

29:15 “All of our home routers are suspect. I don’t trust any of them.” -Rick 

30:26 “As part of a COVID response, I’m sure there are a lot of teams that are writing new PowerShell code to do some of this stuff and facilitate it remotely.” -Rick

34:37 “The biggest issue with using somebody else’s endpoint, or using some other non-controlled endpoint, is the behavior analysis.” -Carlos

42:27 “The Cloud is built for ease of use. It’s not built for security.”  -Carlos

43:25 The Future: 2020 and Beyond

43:40 The New Normal

43:49 “There are going to be good outcomes from this; there are going to be bad outcomes; and there’s frankly going to be ones that are entirely indifferent.” -Brian

43:59 Positive Outcomes

44:38 “I think organizations, especially CFOs, are going to look at the economic savings.” -Rick

47:26 “70% of my team is actually doing some sort of training nowadays.” -Carlos

48:22 Bad Outcomes

49:45 “I believe on the other side of this there will be a lot of litigation and there will be a lot of compliance fines as a result.” -Rick

52:40 Both Good and Bad Outcomes or Neither?

52:57 “As a security leader, I hope that at this point, however long you have been at an organization, that you’ve picked the right vendors through your process and that you’ve been diligent looking for products and organizations that will help you during times of incidents.” -Michael

54:23 “A lot of us rely on vendors to keep up compliance.” -Carlos

55:40 Here and Now: Taking Action

55:44 What You Can Do

56:00 “Definitely stay focused on the endpoint as much as you can.”  -Michael

56:22 “If you’re using a lot of Cloud tools, and you don’t have those things going somewhere to be monitored or reviewed, now is probably time to get that going.” -Michael

57:05 “Compliance changes. Document everything.” -Carlos 

57:59 “Plan for those worst-case scenarios, learn from failure on the battlefield, and then adapt as quickly as you can.” -Rick 

59:18 Virtual VMware Carbon Black Connect Event

Rick McElroy
Principal Security Strategist, Carbon Black
Michael Haag
Director, Advanced Threat Detection and Research, Red Canary
Brian Donohue
Research Production Manager, Red Canary
Carlos Sanchez
Senior Director of the Global Security Office, Global Payments