Aussie banks stage secret secret intel sharing meetings
Carders crushed and malware re-use stymied thanks to speedy sharing.
ACSC2016 Carders targeting Australian banks may have a tough time re-using attacks thanks to a regular invite-only gathering of anti-fraud boffins.
Adam Cartwright. Image: Darren Pauli, The Register.
The information-sharing meetups known as "Interbank" have taken place for about six years. The meetings first included representatives from Australia's big four banks but now includes folks from smaller financial institutions and some larger organisations outside of the sector.
It is understood the arrangement and open communications channels between the banks makes it tougher for carders to transfer money out of Australia's closed system, compared to other countries.
ANZ Bank's head of cyber Adam Cartwright told the Australian Cyber Security Conference in Canberra today that information is not disclosed outside of Interbank.
"We meet quarterly and discuss attacks and things that we have seen on our networks which is really valuable for intelligence," Cartwright says.
"We have lots of informal relationships outside of Interbank."
Attackers who target one bank with custom malware, for example, will be quickly blocked in others as anti-fraud types phone in the threats and send indicators of compromise to rival banks.
The existence of the meetings go some way to explaining the consistently high cost of stolen Australian cards on carder sites compared to those in other countries. Cartwright says the Interbank board reshuffles and includes members of the banks and the Australian Federal Police. Some non-banks are members of the forum but that membership is exceptional.
He says organisations should not rely on signature-based antivirus to identify and block advanced attacks, but said the oft-criticised technology does have a role cutting out noise. ®