SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Cyber threats surging for finance & insurance sectors

Today

ReliaQuest has released a comprehensive report examining the evolving cyber threats faced by finance and insurance companies over the last six months.

The report highlights that 150 finance and insurance companies were exposed on ransomware sites in the last six months, reflecting a 32% rise in ransomware activity in the latter half of the previous year compared to the first half.

The threat actor known as 'Scattered Spider' is significantly targeting the finance sector, with 50% of its phishing domains aimed at banks and insurance firms.

"2024 was the year cyber threats got quicker. Cyber attackers really picked up the pace, executing faster, more efficient breaches that pushed traditional defenses to their limits. Our research reveals 2024 saw a 22% increase in attack speed compared to 2023, with the fastest incident achieving lateral movement in just 27 minutes. This quicker infiltration leaves organizations with even less time to respond, making automated defenses crucial in matching—and surpassing—the speed of adversaries," explained ReliaQuest.

According to the data analysed by ReliaQuest, the average breakout time in 2024 was measured at 48 minutes, compared to 2023 data. The quickest breakout was recorded at 27 minutes, signifying accelerated attack speeds.

Breakout time refers to the duration between initial access and lateral movement within an affected system. ReliaQuest identified that only 0.02% of true-positive alerts resulted in lateral movement, underscoring the increasing speed of cyber incursions.

ReliaQuest noted, "For defenders, breakout time is the most critical window in an attack. Successful threat containment at this stage prevents severe consequences, such as data exfiltration, ransomware deployment, data loss, reputational damage, and financial loss. So, if attackers are moving faster, defenders must match their pace to stand a chance of stopping them."

The report also highlights a 142% increase in initial access broker (IAB) listings on cybercriminal platforms, along with a more than 50% rise in infostealer logs on the dark web in 2024 compared to 2023 data. This expansion grants IABs more opportunities to facilitate swift access to compromised networks.

Furthermore, ReliaQuest collected data indicating the significant influence of infostealers like "LummaC2" and "Raccoon", which harvest sensitive data such as passwords and credit card numbers from compromised systems.

The increase in cyber threats is partly attributed to the maturation of the ransomware-as-a-service (RaaS) market. Over recent years, RaaS operations have grown from 60 in 2022 to nearly 100 by 2023, requiring attackers to evolve strategies for faster ransomware deployment.

ReliaQuest warns, "We've identified two main methods that affiliates have been using to accelerate breakout times that are poised to become even more prominent in the coming year: collaborating with other affiliates in an 'assembly line' and conducting help-desk scams."

Help-desk scams have surged in popularity, linked with groups like Black Basta and 'Scattered Spider'. These operations often utilise email or Teams-based phishing tactics to gain rapid network access.

ReliaQuest's research also indicates that threat actors are now exploiting vulnerabilities much faster, with the average time from vulnerability discovery to exploitation reduced from 47 days in 2023 to just 18 days in 2024.

As adversaries employ automation and AI-enhanced tools, organisations are urged to enhance their defenses.

"ReliaQuest's Approach: Cyber threat actors are moving fast—so defenders must move faster," emphasised ReliaQuest, highlighting the importance of rapid response strategies.

ReliaQuest recommends organisations deploy rapid automation solutions like GreyMatter's Automated Response Playbooks to reduce their mean time to contain threats from hours to under five minutes, asserting that "Rapid responses are crucial in containing threats before they inflict damage."
