Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


Cyber Threats to the Financial Services Sector

Cyber Threats to the Financial Services Sector 1

By Ashley Allocca, Senior Cyber Security Intelligence Analyst at risk intelligence firm Flashpoint

Analysis of organisations targeted by threat actors last year indicates every type of business in the financial services industry (FSI) is at risk of a cyber-attack. From retail, commercial and internet-native banks and credit unions to credit card companies, investment brokerages, insurance firms and mortgage lenders – security teams around the world will continue having their work cut out for them during 2022.

FSI businesses, and their partners and customers, are in a constant battle against an increasingly sophisticated and ever-evolving threat landscape. By identifying the primary threats the sector will face, organisations can look to mitigate and prevent attacks.


Ransomware attacks not only pose a serious threat with the potential to cost companies millions of dollars, but also put the assets of their customers, employees, and partners at risk. In March 2021, insurance company CNA Corporation, paid a US $40 million ransom after threat actors gained access to the records of 75,000 people.

Some of the world’s most powerful governments are taking deliberate action against ransomware attacks. In Australia, the Federal Government released a Ransomware Action Plan, which identifies ransomware as “one of the most damaging types of cyberattacks… which can have severe and long-lasting impacts on Australians and their businesses.”

Third-party risks

Financial institutions must be aware of supply chain risks that stem from third-party vendors and partners, such as cloud service providers and managed service providers. Breaches or cyber-attacks launched against vendors, along the software supply chain, could significantly affect business operations, compromise sensitive customer data, and erode customer trust and brand reputation.

As financial institutions continue to digitize, they adopt more cloud-based technology, like open banking, virtual workspaces, and data-sharing applications. The cloud threat landscape is plagued with well-known misconfigurations, which threat actors can exploit to gain a foothold in the network environments, exfiltrate data, and sell it within illicit communities.

Malware, e-skimmers, and formjacking

A digital form of skimmers – small, physical devices threat actors attach to ATMs to swipe payment card data and PIN codes – is a major cybersecurity concern for financial institutions and their vendors. The practice is referred to as e-skimming and involves a threat actor injecting lines of malicious code into a website to steal information from HTML fields, including credit card data and other credentials. E-skimmers drive customers to domains controlled by a fraudster that look, feel, and function like a legitimate checkout page.

Threat actors frequently use e-skimming to steal data during a purchase, making them a threat not only to financial institutions, but also to their retail partners or any other entity that processes payment information on their behalf.

Compromised banking credentials

Within illicit marketplaces, threat actors advertise credential offerings that have often been harvested using stealer malware. In addition to selling these bank logs, threat actors can use the logs for themselves by transferring funds electronically to other bank accounts, purchasing gift cards, or other fraudulent purchases. If the transactions are disputed by the victim, the financial onus often falls on the card issuer.

Synthetic identities

Synthetic identity fraud (SIF) is a method whereby threat actors create accounts or profiles by pairing legitimate information with false information. This is a major threat for financial institutions as bank accounts and lines of credit can then be built and maintained based on these profiles.

De-centralisation and cryptocurrency

Threat actors use the anonymity provided by de-centralised finance (DeFi) and cryptocurrencies to conduct illegal activity. Bitcoin, Ethereum, and Monero are three of the most popular, and all use blockchain technology, which is public, open source, and distributes the trust of the financial network across all participants.

Although anonymity is a perceived benefit of these cryptos, both Bitcoin and Ethereum transactions can be easily traced through their blockchain ledger when other operational security practices are used. Monero, the preferred crypto for privacy-minded threat actors, is a privacy coin, which uses anti-forensic methodologies to obfuscate all transactions on its blockchain, making it difficult to follow.

There are many types of scams that affect crypto holders, but the most common are related to romance, investments, initial coin offerings, fake exchanges, mobile apps, giveaways, extortion, and QR codes. Crypto scams fall into two categories, both of which are most commonly executed via social engineering; either compromising a victim’s wallet, or tricking the victim into transferring funds.

Data breaches

Research from Risk Based Security (RBS) shows, in terms of data breaches, FSI businesses represent one of the most targeted sectors, second only to healthcare. Many of these breaches originate from unauthorised access to systems or services, or “hacking”.

Whether or not these incidents stem from outside or inside the organisation, the type of data most often being targeted remains consistent. Threat actors, including insiders, typically target names, government assistance information, as well as other financial data, including bank account numbers and transaction details.

Organisations must stay one step ahead of the evolving threat landscape. While identifying the potential threats is a necessary first step, vigilant monitoring for vulnerabilities and a well-developed incident response plan is paramount. By understanding both the potential risks, as well as careful analysis of past exposures, organisations can gain insight that could potentially save them millions.

Global Banking and Finance Review Awards Nominations 2022
2022 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now