Given the sensitive information it holds, it’s no wonder the financial services industry continues to be one of the most targeted industries by cybercriminals today. Recent societal and technological changes over the past year have only made matters worse.
The ongoing COVID-19 pandemic has created fertile ground for cyber threats, as industries and individuals have become vulnerable while they grapple with remote working practices, massive digital disruptions and expanding security perimeters. Criminals, meanwhile, have only gained confidence, going beyond traditional theft and ransom to leak sensitive information, discredit their victims’ reputations, and commit fraud. Many of these “new breed” cybercriminals are armed with sophisticated malware that was once beyond their reach, but is now more readily available through subscription models and underground forums.
Blueliv’s latest white paper, Follow the Money, delves into this ever-changing threat landscape. Drawing on intelligence gathered by Blueliv’s threat landscape, the white paper identifies recent attacks, popular cyber threats and the threat actors behind them, and offers the financial services industry guidance on how to manage this cyber-risk.
Using the findings of this white paper, this blog will outline some of the biggest threats facing the financial services industry today.
1. Phishing
Phishing is a fundamental technique used by cybercriminals to steal credentials and personally identifiable information (PII), and it remains one of the most effective attack vectors. It is usually used in conjunction with social engineering techniques to extract information from victims, tricking them into believing that the email they received is legitimate (often from a bank or government agency) and that they must act. This action often sees the victim click on a link or open an attachment that contains malware, which grants the attacker access to their systems.
2. Business Email Compromise (BEC)
BEC attacks allow malicious actors to gain access to a business email account and impersonate the owner in order to defraud the target company and its employees, customers, or partners. By doing so, attackers can access sensitive data through corporate systems and networks. BEC attacks target financial institutions because of the valuable information available if attackers are successful. Once there, these attackers focus on tricking other employees into transferring money to criminal bank accounts or divulging access credentials that would allow them to do so themselves.
3. Ransomware
Ransomware is a type of malware that encrypts victims’ files and holds them hostage until the victim agrees to pay a ransom. Ransomware attacks have exploded in popularity and sophistication over the past two years. Typically, attackers demand that their victims pay the ransom within a specific time frame; otherwise, they publicly disclose the encrypted information. If the victim pays, the attacker can offer a way for the victim to regain access to the system or data. These attacks are historically opportunistic, although they are increasingly targeted.
Successful ransomware attacks typically start with an attacker gaining access to a device through a spam email attachment disguised as coming from someone the victim trusts. Once clicked and downloaded, the file grants the criminal access to the machine.
4. Credential theft
Using a single stolen ID, criminals can access a company’s systems or networks to launch a more comprehensive attack, transfer money into money-laundering and insurance scams, and even spread malicious links among other employees. Credential theft is a universal problem affecting all modern industries and costing the global economy millions of dollars each year.
5. Malware Infection
Malware infections use malicious email to launch various types of attack campaigns, from credential theft to Trojans, and more. According to data from Blueliv, described in its latest financial services threat landscape white paper, the top five malware stealers used for credential theft explicitly targeting the financial services industry in October 2021 are Azorult, Arkei, Redline, Raccoonstealer, and Collector.
6. Banking Trojans
Banking Trojans are computer programs designed to steal sought-after information stored or processed through online banking systems. They typically rely on form entry, code injection, and specific theft modules dropped onto the infected machine. These add-ons can impersonate legitimate software to trick users into installing them. From there, they seek out and extract sensitive data that criminals can monetize.
7. Point of Sale (POS) Malware
All consumer digital purchases at a retailer are processed by point-of-sale systems consisting of hardware (for example, the terminal used to read the customer’s card) and software that tells the hardware what to do with the information it receives. Malware designed to infect these systems has grown in popularity in recent years and has allowed criminals to extract card data which can then be used or resold, resulting in financial gain for the attacker. A combination of hard-to-detect data-exfiltration malware, hard-to-patch legacy hardware, and general operating system vulnerabilities means it can be difficult to defend against this particular threat.
8. Mobile app malware
Although they offer a high level of security, the reality is that many banking apps – just like other civilian apps – have common flaws and vulnerabilities that criminals can exploit to extract sensitive data. Mobile banking Trojans, in particular, are “one of the most flexible, dangerous and fastest growing types of malware” and have features that include credential theft as well as theft of funds from mobile users’ bank accounts. Recent research highlights a 129% year-over-year increase in malicious actors targeting smartphones since 2019 due to increased use of mobile banking apps.
9. Distributed Denial of Service (DDoS) Attacks
In this attack, cybercriminals crash a target website by flooding it with traffic. Attackers use multiple compromised computer systems as sources of attack traffic, including computers and other network-connected devices. Recently, off-the-shelf toolkits have become available to attackers who otherwise would not have had access to such an attack vector, thanks to DDoS-for-hire sites.
DDoS attacks disrupt business operations, damage traffic and databases, and can cause substantial financial loss to the victim. Even smaller attacks can be damaging if they take a website down and force customers to go elsewhere. These attacks pose a significant risk to financial services institutions, as revenue will likely be disrupted due to an attack, not to mention remediation costs and even compensation for customers.
10. Cryptocurrency
Cryptocurrency has become incredibly popular over the past year. The market moves millions of dollars every day with almost no regulations in place, making it the perfect target for threat actors. Cryptocurrencies are, by design, private and anonymous, making it difficult for victims to protect themselves or their finances from an attack. All an attacker needs to do is gain access to a target’s device via a cleverly disguised phishing email. From there, they can generate and transfer cryptocurrency to their personal accounts.
How can the financial services industry manage its cyber risk?
While financial institutions typically invest more in security than other industries, they cannot invest the time or money to implement every single security solution or build a team of security experts skilled enough to protect their data against the many threats they face. Even the world’s largest banks, investment funds, and financial services organizations are unable to close all gaps in their security infrastructure. This is where threat intelligence comes in.
True threat intelligence gives businesses real-time insights into threats lurking outside their perimeter, actionable insights into infected devices to prevent fraud, and the ability to detect user credentials leaked, stolen and sold in real time. With this, organizations can act on the basis of recent and reliable information to mitigate or completely avoid the threats described in this blog and can focus their often limited resources on the most crucial threats targeting their networks and infrastructure. Simply put, threat intelligence enables security teams to act more effectively against cyber threats.
To learn about additional threats facing the financial services industry, including ATM malware, pharming, digital card skimming and more, the threat actors behind them, and how banks and financial organizations can manage their cyber risk, read our latest white paper.
The post The 10 Biggest Cyber Threats Facing the Financial Services Industry appeared first on Blueliv.
*** This is a syndicated blog from the Security Bloggers Network of blueliv written by Roman Tauler. Read the original post at: https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/threat-intelligence/the-10-biggest-cyber-threats-facing-the-financial-services-industry/