Tracking Emerging Threats Within the Financial Services Industry

By Anthony Giandomenico, Senior Security Strategist and Researcher, CTI Lead, FortiGuard Labs

The financial services industry has long been a target for cyber criminals looking to steal valuable customer and financial information. Defending against these criminal efforts has become even more challenging in recent years due to digital transformation efforts that have weakened the ability of many organizations to adequately secure their data. Many financial institutions feel trapped in a classic Catch-22 situation: Customers continue to demand new digital solutions, which force banks and other institutions to expand their potential attack surface through the adoption of new platforms and services. At the same time, regulatory controls require them to have the necessary security infrastructures in place to protect both their clients and themselves from malicious activity.

To address this conundrum, organizations within the financial services industry must take two steps. First, they need to adopt a security-driven networking strategy that binds any expansion of networks and services to a consistent and enforceable security architecture – you have to be able to secure it before you can build it, send it, develop it or connect to it. And second, they need to stay up to date with the latest cyber threat trends, as this will directly impact their ability to secure critical client data. With that in mind, Fortinet’s recent Q3 Threat Landscape Report highlights several emerging threats that CISOs and their teams need to be aware of moving forward.

Emotet is Still Highly Active

The past quarter saw cybercriminals increasingly using banking Trojans as a means to maximize their financial gains. This was reflected by the increased level of Emotet Trojan activity that was observed across networks. This spike in activity can be attributed in part to Emotet being used in a spear phishing campaign to distribute TrickBot, another well-known banking Trojan. By using Emotet as a payload delivery mechanism, cyber criminals were able to infect vulnerable systems with a variety of banking malware in a single attack.

This threat is particularly concerning because Emotet is wormable, meaning that once it infects a system it can spread laterally, quickly infecting entire networks. Furthermore, packaging additional malware with Emotet gives cybercriminals the ability to launch large-scale attacks with relative ease. This form of malware distribution is consistent with attack trends that have been observed across the cyber landscape in Q3, highlighting the growth of the Malware-as-a-Service (MaaS) model. In fact, the Emotet developers have now launched a MaaS version of their malware, allowing criminal consumers – for a fee – to leverage the millions of devices currently infected with Emotet to deliver additional malware to targeted organizations.

The scale of Emotet’s current campaign, as well as its capabilities, gives the banking Trojan enormous threat potential. It’s why the US Department of Homeland Security has labeled it as one of the most costly and destructive systems in the world. And the continuous updates being provided by its very active development team mean that it is unlikely to be thwarted for quite some time. For that reason, it is essential that financial organizations stay informed on its latest iterations. And with that very concern in mind, FortiGuard Labs recently released a new Adversary Playbook that provides valuable information for detecting, understanding, and addressing recent iterations of Emotet.

Banking Malware is Evolving

TrickBot and IcedID were two other banking malware families that were highly active over the third quarter. TrickBot, while initially only functioning as a banking trojan, has begun to evolve its capabilities, making it a more persistent threat. There were several new iterations of TrickBot that were observed, one of which employed a spamming module to gain access to systems and steal data. Another variation of the malware was equipped with a module for stealing credentials, autofill data and other information from an infected host.

IcedID, while still a relatively new trojan, has enormous threat potential within the financial sector. This is because the malware is constantly evolving, making it incredibly difficult for security teams to detect and manage. Initially, IcedID worked by infecting browsers and manipulating traffic to steal bank account information. However, recent variants of the malware are able to do more than just steal data. Fortinet research conducted on the malware in June revealed that it is now able to deliver a TrickBot payload and, presumably, other payloads as well.

The evolution of these malware variants targeting the financial sector highlights how important having actionable threat intelligence is when creating secure infrastructures. The ever-growing threat they pose to the financial services industry must not be understated, and in order for organizations to protect their data, they must constantly monitor the latest iterations of each of these banking trojans.

Final Thoughts

Cybercriminals are continually modifying their attack techniques to not only improve the accuracy of attacks but to better exploit the digital transformation efforts of their targeted organizations. Their goal is to deliver more effective and malicious payloads, as well as use advanced techniques to evade detection. In order to protect against this, financial institutions must rely on threat intelligence, as it will enhance their ability to thwart potential attacks and keep their critical data secure. This must be combined with a security-driven networking strategy to ensure that none of their efforts to meet evolving consumer demands ever puts themselves or their customers at risk.
