The 10 biggest cyber threats facing the financial services industry

Considering the sensitive information it holds, it’s no wonder that the financial services industry continues to be one of the sectors most targeted by today’s cybercriminals. Societal and technological changes in the last year have only made matters worse.

The ongoing COVID-19 pandemic has created a breeding ground for cyberthreats, with industries and individuals alike becoming vulnerable as they wrestled with remote working practices, mass digital disruption, and widening security perimeters. Criminals, meanwhile, have only become more self-assured as they move beyond traditional theft and ransoms to leak sensitive information, damage reputations, and commit fraud. Many of these ‘new breed’ cybercriminals are armed with sophisticated malware that was once out of their reach but is now more readily available through subscription models and underground forums.

Blueliv’s latest whitepaper, Follow the Money, takes a deep dive into this evolving threat landscape. Supported by intelligence gathered by Blueliv’s Threat Context, the whitepaper identifies recent attacks, popular cyber threats and the threat actors behind them, and offers the financial services industry advice on how to manage this cyber-risk.

Using findings from this whitepaper, this blog will outline some of the biggest threats facing the financial services industry today.

 

1. Phishing

Phishing is a long-established technique cybercriminals use to steal credentials and personally identifiable information (PII), and it remains one of the most effective attack vectors. It is typically used in conjunction with social engineering techniques to extract information from victims and trick them into believing that the email they have received is legitimate (often from a bank or government body) and something they need to act on. Acting on it often means the victim clicks a link or opens an attachment containing malware that grants the attacker access to their systems.

 

2. Business Email Compromise (BEC)

In a BEC attack, malicious actors gain access to a business email account and pose as its owner in order to defraud the target company and its employees, customers or partners. In doing so, attackers can access sensitive data via company systems and networks. BEC attacks target financial institutions because of the valuable information available should attackers succeed. Once in, these attackers focus on tricking other employees into transferring money into criminal bank accounts or disclosing access information that would enable them to do so themselves.

 

3. Ransomware

Ransomware is a type of malware that encrypts victim files and holds them until the victim agrees to pay a ransom. Ransomware attacks have rocketed in popularity and sophistication over the past two years. Typically, attackers demand their victims pay the ransom in a specific time frame, or else they leak the encrypted information publicly. Should the victim pay, the attacker may offer a means for the victim to regain access to the system or data. These attacks are historically opportunistic, though they are becoming increasingly targeted.

Successful ransomware attacks usually begin with an attacker gaining access to a device via an attachment in a spam email disguised as coming from someone the recipient trusts. Once clicked and downloaded, the file gives the criminal access to the machine.

 

4. Credential theft

Using just one stolen credential, criminals can gain access to a company’s systems or networks to launch a more comprehensive attack, transfer money into money laundering and insurance scams, and even spread malicious links among other employees. Credential theft is a universal problem that affects every modern industry and costs the global economy millions of dollars every year.

 

5. Malware infection

Malware infections use a malicious email to launch various types of attack campaigns, from credential theft to trojans and more. According to Blueliv’s data, outlined in its latest financial services threat landscape whitepaper, the top five malware stealers used for credential theft explicitly targeting the financial services sector as of October 2021 are Azorult, Arkei, Redline, Raccoonstealer and Collector.

 

6. Banking trojans

Banking trojans are computer programs built to steal sought-after information stored in or processed through online banking systems. They typically rely on form-grabbing, code injection, and specific stealer modules dropped on the infected machine. These modules may pose as a legitimate piece of software to lure users into installing them. From there, they search for and extract sensitive data that the criminals can monetize.

 

7. Point of Sale (POS) malware

All digital consumer purchases at a retailer are handled by POS systems made up of hardware (e.g., the terminal used to read the customer’s card) and software that tells the hardware what to do with the information it receives. Malware built to infect these systems has gained popularity in recent years and has allowed criminals to extract card data, which can then be used or sold on, both of which result in financial gain for the attacker. A combination of hard-to-detect data-exfiltrating malware, legacy hardware that is difficult to patch, and general OS vulnerabilities means that this particular threat can be hard to defend against.

 

8. Mobile apps malware

While banking apps boast a high level of security, the reality is that many of them, just like other civilian apps, have common flaws and vulnerabilities that criminals can exploit to extract sensitive data. Mobile banking trojans, in particular, are “one of the most rapidly developing, flexible and dangerous types of malware” and have functionalities that include credential theft as well as stealing funds from mobile users’ bank accounts. Recent research highlights a year-over-year increase of 129% in malicious actors targeting smartphones since 2019 due to increased use of mobile banking applications.

 

9. Distributed denial-of-service (DDoS) attacks

This attack sees cybercriminals flood and crash a target website by overwhelming it with traffic. Attackers utilize multiple compromised computer systems as sources for the attack traffic, including computers and other network-connected devices. Recently, off-the-shelf toolkits have become available to attackers who would otherwise not have had access to such an attack vector, thanks to DDoS-for-hire sites.

DDoS attacks disrupt business functions, damage traffic and databases, and can lead to substantial financial losses for the victim. Even smaller attacks can be damaging if they take a website down and force customers to take their business elsewhere. These attacks are a significant risk to financial services institutions, since an attack will likely disrupt revenue, not to mention the costs of remediation and even customer compensation.

 

10. Cryptojacking

Cryptocurrency has become incredibly popular over the past year. The market moves millions of dollars each day with almost no regulations in place, making it the perfect target for threat actors. Cryptocurrencies are, by design, private and anonymous, and therefore it is difficult for victims to protect themselves or their finances in the face of an attack. All an attacker needs to do is gain access to a target’s device via a cleverly disguised phishing email. From there, they can generate and transfer cryptocurrency to their personal accounts.

 

How can the financial services industry manage its cyber risk?

While financial institutions typically invest more in security than other industries, they cannot possibly invest the time or money needed to implement every single security solution out there or build a team of security experts skilled enough to protect their data from the numerous threats facing them. Even the world’s largest banks, investment funds, and financial services organizations are unable to plug every gap in their security infrastructure. That’s where threat intelligence comes in.

 

True threat intelligence offers organizations real-time information on the threats lurking outside their perimeter, actionable insights into infected devices to prevent fraud, and the ability to detect leaked, stolen and sold user credentials in real time. With this, organizations can act on fresh and reliable information to mitigate or altogether avoid the threats outlined in this blog and can focus their often limited resources on the most crucial threats targeting their networks and infrastructure. Simply put, threat intelligence empowers security teams to act more effectively and more efficiently in the face of cyber threats.

 

To find out more about additional threats facing the financial services industry, including ATM malware, pharming, digital card skimming and more, the threat actors behind them, and how banks and financial organizations can manage their cyber risk, read our latest whitepaper.
