Mitigating Cyber Attacks in the Financial Sector

By Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black

As the number of cyber attacks increase globally at an exponential rate, one industry has been a prime target for malicious actors: the financial services industry.

According to Boston Consulting Group research, financial service firms experience up to 300 times as many cyber attacks per year compared to companies in other industries. As cybercriminals become more determined, targeted and sophisticated in their attack methods, it’s no longer a matter of if but when as it relates to cyber attacks.

Just last week, serious cyberattacks made headlines in New Zealand resulting in serious business and data security implications. Hackers have also set their eyes on online payment systems leading to billions of dollars lost from these cyber intrusions.

The dramatic increase in attacks against the financial industry can be attributed to three factors: First, cybercrime syndicates have adopted new attack methodologies, which traditional cybersecurity controls cannot defend against. Second, the COVID-19 pandemic has forced many employees to work remotely, further expanding the attack surface, making them easier targets. Third, cybercriminals are, in some cases, being seen as patriots by their respective nations and acting as nefarious “Cyber Robin Hoods.” Let’s explore:

Cashing In on COVID-19

According to recent data in the VMware Carbon Black Modern Bank Heists 3.0 report, cyber attacks against the financial sector increased by 238 percent from February to April 2020, amid the COVID-19 surge. Cybercriminals often work to exploit fear and uncertainty during major world events by launching cyber attacks, and the COVID-19 pandemic is no exception. Attackers are being nefariously opportunistic and leverage breaking news to take advantage of vulnerable populations.

These cyber attacks are often performed with social engineering campaigns, leveraging malicious emails that lure victims to install malware which steals financial data and other valuable personal information. Attackers have been using COVID-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, crypto miners, botnets and ransomware. This can be increasingly damaging as the global disruption has affected employment, economies and more. It’s clear the attackers are not slowing down amid the pandemic, which means understanding their behaviors has become more important than ever before.

Money is the Motive: Understanding Attacker Tactics

Financial institutions have reported cybercriminals are becoming more sophisticated, leveraging highly targeted social engineering attacks and advanced procedures for hiding malicious activity. The ultimate goal is to exploit weaknesses in people, processes and technology in order to secure access to networks, enabling the ability to transfer funds and withdraw sensitive data.

The modern cybercriminal understands that it is more lucrative to island-hop from the bank’s environment in order to attack its customers, leading to a surge in island hopping as an attack vector. The most common attacks seen in the financial sector is reverse business email compromise. These attacks occur when a hacker successfully takes over a victim’s email server and executes fileless malware attacks against members of the organisation as well as the board. This has become easier for attackers as more employees are working from home, where network security can be more easily compromised.

Watering-hole attacks make up one in every five attacks on financial institutions. In this case, hackers target a website frequently visited by partners or customers of the organisation they are trying to breach. A majority of financial institutions reported increased attempts of wire fraud transfer since 2019. These attacks are often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly. Hackers look to identify websites that a majority of people are looking to gain information from. In this case, many people are looking to financial institutions to help them through trying times, and unfortunately hackers are taking advantage of that.

Bank Heist: From Heists to Hostage Situations

Cybercriminals are escalating the severity of attacks. If it can’t be stolen, it will be destroyed. And, increasingly, destructive attacks are being leveraged as counter incident response techniques. Trust and confidence can be undermined as cybercriminals look to commandeer the digital transformation efforts of the financial institution  to target its customers directly.

In order to fight against these attacks, financial institutions must conduct regular cyber threat hunting exercises to root out any persistence that might exist.  A shift to an intrinsic security model must occur, one where security is built in, not bolted on to the enterprise. Security teams must integrate security controls, microsegment, employ just-in-time authentication and modernise their endpoint security controls to mitigate the modern bank heist.

As the world continues to be affected by COVID-19, it’s clear attackers will continue to target vulnerable populations and organisations, with an eye on finance. Increased vigilance and visibility into enterprise-wide endpoint activity are more paramount than ever. Cybersecurity is now a brand protection imperative, and the trust and confidence in the safety and soundness of a financial institution will depend on it.