Top Threats Making Financial Firms More Vulnerable Than Ever
The digital age has fast become the age of unprecedented cyber attacks. As cyber attacks like ransomware, DDoS attacks and island hopping continue to grow exponentially in both frequency and sophistication across all industries, and data breaches continue to mount, the financial sector finds itself a prime target.
It is perhaps unsurprising that threat actors looking for financial gains would target the financial sector. After all, the asset is right in the name. Financial firms tend to be targeted far more often than businesses in other industries, with 70 percent of UK financial firms being hit with a cyber attack in 2020. Between February and April 2020, cyber attacks against the financial industry increased by 238 percent worldwide.
Unfortunately, despite best efforts, these types of cyber attacks are only set to increase in frequency and cost. The average cost of a data breach in the financial sector is now over 5 million dollars, which is significantly higher than the average cost across other sectors, although it can vary depending on the country and regulation compliance.
The European Systemic Risk Board (ESRB) estimates the overall global cost of cyber attacks at between 45 and 654 billion dollars in 2018. Christine Lagarde, the President of the European Central Bank (ECB), has warned that cyber attacks on the financial sector could precipitate a financial crisis through several “plausible channels”.
In 2019, G7 Finance Ministers and Central Bank Governors called cyber risks against the financial sector “a genuine and growing threat” against financial stability and integrity.
The financial sector has always embraced technology to facilitate its operations. However, while online banking and electronic banking in general were already growing rapidly, the Covid-19 pandemic seems to have greatly accelerated the changeover. In fact, recent statistics show online banking accounted for 76 percent of banking transactions in 2020.
Not only this, but 27 percent of UK residents have opened an account with a digital-only bank, a sharp jump from 9 percent of residents in 2019.
However, as financial organisations continue to increase customer convenience and experience by developing more web portals and apps, they have opened themselves up more and more to cyberspace and the unique cybersecurity risks that thrive in a constantly shifting threat landscape.
The banking and financial sectors are beset by all sorts of security flaws allowing threat actors to, essentially, swoop in and take the crown jewels. This is especially true when it comes to online banking portals and apps, where there can be:
- Lacking server security and secure data storage.
- Insufficient cryptography and encryption.
- Data in motion that is unsecured at the packet transport layer, from server to client or vice versa.
- Insufficient authentication and authorisation with user logins.
- Client-side injection, where threat actors inject and execute malicious code on the mobile device via an app.
- Data leaking from the user side, including users running afoul of cloned apps.
A report by Accenture found that 30 major apps from 15 financial institutions all had at least one vulnerability. These vulnerabilities included insecure data storage, insecure authentication and authorisation as well as code tampering and reverse engineering. Meanwhile, a 2021 analysis by NowSecure discovered that 70 percent of 400 tested apps failed to meet basic privacy and security standards.
A study by cyber researchers at Positive Technologies also found that 85 percent of the web apps they tested contained flaws which allowed cyber attacks against users. 80 percent were particularly vulnerable to cross-site scripting (XSS) attacks, where a threat actor injects malicious code onto an otherwise benign website or web application.
Below are the major cyber threats the financial sector is continuously grappling with.
Rising ransomware attacks
Ransomware attacks are rising worldwide and affecting organisations across all sectors and industries. Considering that the primary motivation for threat actors that employ ransomware is money, it’s unsurprising the financial industry has seen a huge growth in attacks over the past year and ranks at least sixth in sectors most targeted by ransomware.
The banking industry itself in 2021 saw a 1318 percent increase in ransomware attacks alone.
Moreover, double extortion is very commonly employed in ransomware these days. This is where threat actors will also steal sensitive data from a system they’ve compromised and threaten to sell or simply release it unless the victim pays the ransom, which often these days is in the millions. This has made ransomware and data breaches go hand-in-hand, with cases of double extortion ransomware being used against the financial sector increasing by 350 percent across 2020.
Data is valuable, especially for the financial sector, and threat actors know this.
Worse still, paying the ransom won’t guarantee the stolen data will remain unreleased. Cybercriminals aren’t in the habit of giving back treasure and may still sell and trade the data on the dark web for further gains.
Attack vectors for ransomware are often:
- Phishing emails, where threat actors trick a victim into clicking on a link or attachment, or even just giving out critical information directly.
- Remote desktop protocol vulnerabilities.
- Vulnerabilities due to inadequately secured internet servers.
Of these attack vectors, phishing ranks as the go-to method of delivering ransomware to organisations’ systems and networks. For example, attacks by Ryuk ransomware, which is so prolific it was found to account for a third of all ransomware attacks in 2020, were delivered via phishing emails roughly 80 percent of the time.
Not only is Ryuk a ransomware variant that attacks an organisation at multiple levels and rapidly spreads from network to network, but one of its data exfiltration features, Ryuk Stealer, has been modified and upgraded to specifically improve its capability of stealing confidential data from the finance sector.
Island hopping attacks
The internet has made the world increasingly interconnected, and the same goes for many organisations in the business supply chain.
Financial institutions are increasingly suffering from techniques like ‘island hopping’. While it may sound like a fun thing people do in Greece, in the cybersecurity world it can be devastating. Island hopping is where threat actors, instead of going directly after their intended target, compromise a more vulnerable network partner to gain a foothold and then move laterally to larger, more profitable targets.
Island hopping comes in a variety of different techniques, including:
- Network-based island hopping, where threat actors infiltrate one network and hop onto another, affiliated one.
- Watering hole attacks, where a website commonly used by members of an organisation is infected by threat actors.
- Reverse business email compromise, where threat actors take control of a victim’s email server and execute fileless malware attacks against the victim’s contacts.
Network-based island hopping is the most popular; however, reverse business email compromise is also widespread in the financial sector. Reportedly, 38 percent of financial organisations have suffered some type of island hopping attack, a 13 percent increase from 2020.
In the modern world, time is money and availability of service is key, especially for financial institutions. Distributed denial-of-service (DDoS) attacks have also become increasingly common worldwide, including against financial institutions.
DDoS attacks are designed to prevent victims from accessing critical systems and disrupt services. This can be especially devastating for financial organisations as customers won’t be able to access their accounts, grinding everything to a standstill.
In a Neustar survey, over 80 percent of financial services firms estimated losses of 10,000 dollars an hour during outages caused by DDoS attacks.
Threat actors are well aware of the stakes and the damage they cause. Last year, malicious actors impersonating the more infamous threat groups Lazarus and Fancy Bear tried to extort more than 100 financial firms by threatening to unleash DDoS attacks on them unless they were pre-emptively paid off. These extortion demands were made to banks, credit rating firms, asset managers, clearinghouses as well as payment companies worldwide, once again showing that threat actors do their research and understand how the financial sector is structured.
Like many things, DDoS attacks aren’t just a one-trick pony either. Their bombastic, attention-grabbing nature has also found them a use as a means to mask network infiltrations like ransomware going on in the background.
Insider threat always present
In cybersecurity, insider threats are always a problem.
In the financial industry, it was found in a recent Financial Data Risk Report that the average employee has access to 13 percent of their company’s files, with almost 20 percent of these files containing sensitive employee and customer data.
This kind of confidential information can land a company in hot water if this information is accessible to a malicious actor in the company, leading to consequences like:
- Data leaks.
- Financial losses.
- Harsh regulatory fines.
Remote working has seemingly only exacerbated this cybersecurity threat, highlighting the necessity for financial institutions to introduce appropriate controls and follow cybersecurity best practices. Failure to lock down sensitive data while having a remote workforce leads to a higher risk of insider breaches.
With insider threats costing the financial sector over 14.5 million dollars on average per year, financial institutions need to implement proper monitoring and access controls, enforce strong passwords and implement multi-factor authentication now more than ever.
In a world of web portals and banking apps, financial organisations need to work to manage and tackle a multitude of security problems.
To deal with these risks, financial institutions are recommended to:
- Manage customer security habits by imposing strict security requirements and controls, like requiring users to have strong passwords and implementing two-factor or multi-factor authentication.
- Build robust security measures into web portals and applications.
- Ensure every device is protected, especially those that sit at the perimeter, or rather edge, of your infrastructure. This is usually done with a VPN solution, allowing your staff to remotely connect to your infrastructure securely.
If your company is transmitting data that will remain sensitive decades from now, a further recommendation is having quantum-safe cryptography.
Securiwiser is a cybersecurity detection and cyber risk monitoring tool that evaluates your company’s cybersecurity posture, as well as your vendors’, and notifies you of vulnerabilities and ongoing exploits in real-time, presenting them in an easy-to-read dashboard.
Securiwiser checks for things like your DNS Health and if you’re vulnerable to attacks like DDoS and DNS hijacking, the robustness of your network and cloud security and if malware is propagating across your network, malicious port activity on your server, and much, much more. Give yourself a free scan today and see how you and your vendors stack up in cyberspace!