No sector was more regularly targeted than the financial sector
The financial sector has seen a “staggering 238 per cent increase” in cyber attacks and ransomware attacks have increased nine-fold since the beginning of February to the end of April 2020.
This is according to VMware Carbon Black’s third annual finance-focused report, the Modern Bank Heist Report, which surveyed 25 CISOs at some of the world’s largest financial institutions — who revealed what they’re seeing with attack prevalence and evolution.
Jonah Force Hill, senior cyber policy adviser and executive director of the US Secret Service Cyber Investigations Advisory Board (CIAB) said in the report, while virtually all sectors of the global economy fell victim to cyber crime of one kind or another, no sector was more regularly targeted than the financial sector.
“At an alarming rate, transnational organised crime groups are leveraging specialist providers of cyber crime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns, distributed denial of service (DDoS) attacks and business email compromise (BEC) scams,” he said. “Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities.”
According to Hill the growing availability of ready-made malware is creating opportunities for even inexperienced criminal actors to launch their own operations. When combined with a steady commercial growth of mobile devices, cloud-based data storage and services, and digital payment systems, cyber criminals today have an ever-expanding host of attack vectors to exploit.
“Every organisation—providers of financial services, in particular—must remain vigilant in the face of these evolving threats. It is critical that organisations maintain a continuous dialogue with law enforcement to ensure a rapid response in the event of an incident,” he said.
Key findings from the report includes:
- 80 per cent of surveyed financial institutions reported an increase in cyber attacks over the past 12 months, a 13 per cent increase over 2019.
- 27 per cent of all cyber attacks in 2020 have targeted either the healthcare sector or the financial sector, according to VMware Carbon Black data.
- 82 per cent of surveyed financial institutions said cyber criminals have become more sophisticated, leveraging highly targeted social engineering attacks and advanced TTPs for hiding malicious activity. These criminals exploit weaknesses in people, processes and technology to gain a foothold and persist in the network, enabling the ability to transfer funds and ex-filtrate sensitive data.
- 64 per cent of surveyed financial institutions reported increased attempts of wire fraud transfer, a 17 per cent increase over 2019. These attacks are often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly.
- 33 per cent of surveyed financial institutions said they’ve encountered island hopping, an attack where supply chains and partners are commandeered to target the primary financial institution.
- 20 per cent of surveyed financial institutions experienced a watering-hole attack during the past year. In these attacks, financial institution and bank regulation websites are hijacked and used to pollute visitors’ browsers. This tactic is increasing as cyber criminals recognise the implicit trust consumers have in bank brands.
