Financial institutions

The modern bank heist is an endgame for financial institutions

(Source – Shutterstock)

Financial institutions continue to be heavily targeted by cyberattacks. Despite their increased cybersecurity protections, the changing and evolving tactics of cybercriminals are making it more difficult for financial institutions to stay secure.

According to VMware’s fifth annual report on modern bank robberies, 63% of financial institutions admitted to having experienced an increase in destructive attacks, with cybercriminals using this method as a means of burning evidence as part of the countermeasures response. -incidents. Additionally, 74% experienced at least one ransomware attack in the past year, with 63% paying the ransom.

The report sheds light on issues facing CIOs and security managers in the financial industry, particularly the changing behavior of cybercriminal cartels, including the defensive shift of the financial industry. As financial institutions face an increase in destructive attacks and fall victim to ransomware more often than in previous years, sophisticated cybercrime cartels are also moving beyond wire transfer fraud to now target go-to-market strategies, take control of brokerage accounts and go to banks.

Another interesting finding of the report is that once cybercriminals gain access to a financial organization, they no longer seek wire transfers or access to capital as traditionally assumed. Instead, cybercriminal cartels now seek out non-public market information, such as earnings estimates, public offerings, and large transactions.

“What exactly are these cybercrime cartels looking for? We are seeing an evolution from a bank robbery to economic espionage, where cybercriminals target corporate information or strategies that can affect a company’s share price as soon as it becomes public,” wrote Tom Kellermann, head of cybersecurity strategy at VMware in a blog post.

In fact, 2 out of 3 financial institutions (66%) have experienced attacks targeting go-to-market strategies. This modern market manipulation aligns with economic espionage and can be used to digitize insider trading. Asked about the nation-state actors behind these attacks, the majority of financial statements said Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace.

For Kellermann, security has become a priority for business leaders amid growing geopolitical tension, an increase in destructive attacks using windshield wipers and remote access tools (RATs), and a record year for Zero-Day achievements.

“Financial institutions now understand that today’s attackers go from robbery to hijack, from habitation to destruction, and are leaving their mark on an extremely vulnerable industry. Collaboration between the cybersecurity community, government entities and the financial industry is paramount to combating these emerging and growing threats,” Kellerman commented.

VMware’s 2022 Modern Bank Robbery Report also showed that 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year. The increase represents a new era of a conspiracy in which the hijacking of a financial institution’s digital transformation via island hopping to attack its constituents has become the ultimate outcome of the attack.

At the same time, 67% of financial institutions observed timestamp manipulation, an attack called Chronos after the god of time in Greek mythology. Notably, 44% of Chronos attacks targeted market positions.

(Source – Vmware)

Crypto is still a concern for financiers establishments

83% are also concerned about the security of cryptocurrency exchanges. The advantage for cybercriminals of targeting cryptocurrency exchanges is that successful attacks can be immediately and directly turned into cybercash.

As such, Rick McElroy, senior cybersecurity strategist at VMware, pointed out that consumers often treat cryptocurrencies as real currencies, when in fact they are. He explained that people trust exchanges that are new to the game even if they don’t offer adequate protection to their currency or even their own admin accounts.

“In a crypto-based world, consumers should take some level of responsibility in protecting their cryptocurrency. There is no guarantee that cybercriminals will not target exchanges, hot wallets or cold storage. Suppose that wherever the money is, there will also be criminals trying to steal it,” McElroy said.

With cryptocurrencies still lacking proper regulation, the report also says it has been easy for cybercriminals to profit from nefarious exchanges and virtual currency fueling the surge in modern attacks, especially in the context of cybercriminals. current geopolitical tensions. Ultimately, the goal should be for all illicit funds seized through coordinated government action to be redeployed to help fund the protection of critical infrastructure from cyberattacks.

That said, the results also showed that the majority of financial institutions plan to increase their budget by 20-30% this year. Top investment priorities include expanded detection and response, workload security, and mobile security

51% of financial institutions also conduct weekly threat hunts. The main difference between threat hunting and incident response is that threat hunting is proactive while incident response is reactive. Threat hunting focuses on tracking attacks and the evidence attackers leave behind.

“As security leaders, we know that a strong defense is the best offense. Hunting down modern threats every week should be adopted as a best practice to help security teams detect behavioral anomalies, as adversaries can maintain a clandestine persistence in an organization’s system,” Kellerman said.