SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Digital heists: Attacks on financial institutions rise 238% in 3 months
Mon, 18th May 2020
FYI, this story is more than a year old

It's common knowledge now that COVID-19 has provided cyber attackers with ample opportunity to ramp up their operations as the world engages online more than any other time in history.

But only now are official reports emerging describing the scale of the worldwide bump in attacks – and one of the hardest industries is, understandably, the financial sector.

Attacks targeting the financial sector at large have swelled by 238% in the months from February through to the end of April this year, while 80% of surveyed financial institutions reported an increase in cyber attacks over the last 12 months, according to a report released today from VMware Carbon Black.

A further 82% of surveyed institutions reported a rise in the sophistication of attacks – which can be attributed to attackers leveraging highly advanced social engineering tactics and advanced strategies for hiding malicious activity.

64% of financial institutions also reported increased attempts at wire fraud transfer, 17% increase year-on-year.

Wire fraud attacks are usually achieved either through exploiting business process gaps in the transfer process or via social engineering attacks which target consumers directly.

The increase in these tactics may have been born from the fact that attackers are increasingly appreciating the value of commandeering the digital transformation efforts of an institution.

“This year, while virtually all sectors of the global economy fell victim to cybercrime of one kind or another, no sector was more regularly targeted than the financial sector,” says US Secret Service Cyber Investigations Advisory Board (CIAB) executive director Jonah Force Hill.

“At an alarming rate, transnational organised crime groups are leveraging specialist providers of cybercrime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns, distributed denial of service (DDoS) attacks and business email compromise (BEC) scams.

“Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities,” says Hill.

“The growing availability of ready-made malware is creating opportunities for even inexperienced criminal actors to launch their own operations.

In its attempt to decipher wider attack behaviour, rather than solely focusing on specific types of malware, VMware Carbon Black consulted MITRE ATT@CK.

"Adversaries may attempt to get information about running processes on a system," MITRE said in its report.

“Information obtained could be used to gain an understanding of common software running on systems within the network.

“Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviours, including whether or not the adversary fully infects the target and/or attempts specific actions.”

This reflects the drastic increase in attacker knowledge of the policies and processes of financial institutions – blind spots have been largely identified and incident response (IR) strategies have been analysed to better find loopholes and overcome them.

According to VMware, this advantage gives attackers greater opportunities to manipulate their positions within networks simply because of the noise created by IR, as well as a lack of security controls integration.

“When combined with a steady commercial growth of mobile devices, cloud-based data storage and services, and digital payment systems, cybercriminals today have an ever-expanding host of attack vectors to exploit,” says Hill.

“Every organisation—providers of financial services, in particular—must remain vigilant in the face of these evolving threats.

“It is critical that organisations maintain a continuous dialogue with law enforcement to ensure a rapid response in the event of an incident.