Tracking Emerging Threats Within the Financial Services Industry

By Anthony Giandomenico, Senior Security Strategist and Researcher, CTI Lead, FortiGuard Labs

The financial services industry has long been a target for cyber criminals looking to steal valuable customer and financial information. Defending against these criminal efforts has become even more challenging in recent years due to digital transformation efforts that have weakened the ability of many organizations to adequately secure their data. Many financial institutions feel trapped in a classic Catch-22 situation: Customers continue to demand new digital solutions, which force banks and other institutions to expand their potential attack surface through the adoption of new platforms and services. At the same time, regulatory controls require them to have the necessary security infrastructures in place to protect both their clients and themselves from malicious activity.

To address this conundrum, organizations within the financial services industry must take two steps. First, they need to adopt a security-driven networking strategy that binds any expansion of networks and services to a consistent and enforceable security architecture – you have to be able to secure it before you can build it, send it, develop it or connect to it. And second, they need to stay up to date with the latest cyber threat trends, as this will directly impact their ability to secure critical client data. With that in mind, Fortinet’s recent Q3 Threat Landscape Report highlights several emerging threats that CISOs and their teams need to be aware of moving forward.

Emotet is Still Highly Active

The past quarter saw cybercriminals increasingly using banking Trojans as a means to maximize their financial gains. This was reflected by the increased level of Emotet Trojan activity that was observed across networks. This spike in activity can be attributed in part to Emotet being used in a spear phishing campaign to distribute TrickBot, another well-known banking Trojan. By using Emotet as a payload delivery mechanism, cyber criminals were able to infect vulnerable systems with a variety of banking malware in a single attack.

This threat is particularly concerning because Emotet is wormable, meaning that once it infects a system it can spread laterally, quickly infecting entire networks. Furthermore, packaging additional malware with Emotet gives cybercriminals the ability to launch large-scale attacks with relative ease. This form of malware distribution is consistent with attack trends that have been observed across the cyber landscape in Q3, highlighting the growth of the Malware-as-a-Service (MaaS) model. In fact, the Emotet developers have now launched a MaaS version of their malware, allowing criminal consumers – for a fee – to leverage the millions of devices currently infected with Emotet to deliver additional malware to targeted organizations.

The scale of Emotet’s current campaign, as well as its capabilities, gives the banking Trojan enormous threat potential. It’s why the US Department of Homeland Security has labeled it as one of the most costly and destructive systems in the world. And the continuous updates being provided by its very active development team mean that it is unlikely to be thwarted for quite some time. For that reason, it is essential that financial organizations stay informed on its latest iterations. And with that very concern in mind, FortiGuard Labs recently released a new Adversary Playbook that provides valuable information for detecting, understanding, and addressing recent iterations of Emotet.

Banking Malware is Evolving

TrickBot and IcedID were two other banking malware families that were highly active over the third quarter. TrickBot, while initially only functioning as a banking trojan, has begun to evolve its capabilities, making it a more persistent threat. There were several new iterations of TrickBot that were observed, one of which employed a spamming module to gain access to systems and steal data. Another variation of the malware was equipped with a module for stealing credentials, autofill data and other information from an infected host.

IcedID, while still a relatively new trojan, has enormous threat potential within the financial sector. This is because the malware is constantly evolving, making it incredibly difficult for security teams to detect and manage. Initially, IcedID worked by injecting itself into browsers and manipulating traffic to steal bank account information. However, recent variants of the malware are able to do more than just steal data. Fortinet research conducted on the malware in June revealed that it is now able to deliver a TrickBot payload and, presumably, other payloads as well.

The evolution of these malware variants targeting the financial sector highlights how important having actionable threat intelligence is when creating secure infrastructures. The ever-growing threat they pose to the financial services industry must not be understated, and in order for organizations to protect their data, they must constantly monitor the latest iterations of each of these banking trojans.

Final Thoughts

Cybercriminals are continually modifying their attack techniques to not only improve the accuracy of attacks but to better exploit the digital transformation efforts of their targeted organizations. Their goal is to deliver more effective and malicious payloads, as well as use advanced techniques to evade detection. In order to protect against this, financial institutions must rely on threat intelligence, as it will enhance their ability to thwart potential attacks and keep their critical data secure. This must be combined with a security-driven networking strategy to ensure that none of their efforts to meet evolving consumer demands ever puts themselves or their customers at risk.