The Modern Bank Heists report, which annually takes the pulse of the financial industry’s top CISOs and security leaders to provide executives with a ground truth on the changing behaviour of cybercriminal cartels and the defensive shift of the financial sector.
In this year’s report, 130 financial sector security leaders from around the world revealed the type of attacks they’re currently seeing, what threats they’re most concerned about, and how they’re adjusting their security strategy and spend.
The findings of the Modern Bank Heists report reflect the massive impact that the events of the past year have had, and continue to have, on financial institutions around the world.
Since last year’s edition, security has become a top-of-mind issue for business leaders amid rising geopolitical tension, an increase in destructive attacks utilizing wipers and remote access tools (RATs), and a record-breaking year of Zero Day exploits.
The US kicked off international efforts with more than 30 global partners to fight ransomware by addressing the financial systems and safe harbors that make ransomware profitable, and encouraging international law enforcement collaboration to disrupt the ransomware ecosystem.
US private-public sector collaboration also made incredible strides with the Cybersecurity and Infrastructure Security Agency’s (CISA) creation of the Joint Cyber Defense Collaborative (JCDC.
This continued collaboration will be key to combatting the evolving threats detailed in the report.
Financial institutions are being hit with multiple ransomware attacks as the security industry bands together to fight back against ransomware groups, such as DarkSide and Conti.
Cybercrime cartels are targeting market strategies, taking over brokerage accounts, and island hopping into banks. Attackers are moving from heist to hijack, from dwell to destruction.
The Secret Service, in its investigative capacity to protect the US’s financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud.
There are a variety of reasons for the opportunities, motives, methods and means related to criminal activity.
At the forefront is the swelling profitability of these crimes which, of course, motivates criminal actors.
The persistent, inadequate security of systems connected to the internet provides opportunity and methodology.
Finally, the proliferation of digital money payment systems has created a global, instantaneous and pseudo-anonymous means to facilitate their actions.
All of these factors have facilitated the maturation of a cybercriminal ecosystem that has not been sufficiently suppressed.
The report sees these trends continuing into the future and utilising greater anonymising techniques, such as peer-to-peer networks, privacy coins, encrypted communications, and darknet marketplaces, to further expand cybercrime capabilities and reach.
A path of destruction
The most visceral escalation of the modern bank heist is to leverage destructive attacks. Destructive attacks are launched punitively to destroy data and dismantle subnets. 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from last year.
It is worth noting that cybercriminals in the financial sector will typically leverage destructive attacks as an escalation to burn the evidence as part of a counter incident response.
Destructive malware variants seek to destroy, disrupt or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.
Modern market manipulation
Although 71% of financial institutions noted an increase of wire transfer fraud this year, the report finds that cybercrime cartels have realised that the most significant asset of a financial institution is not wire transfers or the access to capital; it’s non-public market information.
This encompasses corporate information or strategies that can affect the share price of a company as soon as it becomes public, such as earnings estimates, public offerings, and significant transactions.
Two out of three (66%) financial institutions experienced attacks that targeted market strategies.
This threat aligns with economic espionage and can be used to digitize insider trading and front-run the market.
Front-running is the illegal practice of purchasing a security based on advance non-public information regarding an expected large transaction.
Of the financial leaders surveyed, 25% said market data is the primary target for cybercriminal attacks.
The post Bank Heists 5.0 – From heist to hijack, dwell to destruction appeared first on Payments Cards & Mobile.
