Cyberthreats becoming more dangerous

This article first appeared in Personal Wealth, The Edge Malaysia Weekly, on April 22, 2019 - April 28, 2019.

Cybersecurity threats are the most prevalent risk affecting the financial services industry. Despite the best mitigation efforts, these threats are getting more dangerous as cybercriminals shift from theft to creating hostage situations, says Tom Kellermann, chief cybersecurity officer at Massachusetts-based Carbon Black Inc.

Generally, financial institutions have pretty resilient security measures in place. But it is certain that they will eventually become victims of cybercrime, he adds.

“The increase in destructive attacks is a notable and dangerous trend as cybercriminals are shifting from typical bank heists to hostage situations. It is important to note that financial institutions typically have a more robust cybersecurity posture than their peers in other verticals,” Kellermann tells Personal Wealth in an email interview.

“However, this does not make them immune to cyberattacks. There is still considerable opportunity for financial institutions to improve their cybersecurity posture and go on the offensive with threat-hunting teams.”

To detect nefarious activity, financial institutions should be mandated to conduct monthly hunts and compromise assessments to ensure that no cybercriminal has a backdoor into their networks, he says.

“Regulators should be working in tandem with the private sector to collaborate and share threat intelligence, specifically in the area of tactics, techniques and procedures (TTPs) — independent actions or behaviours that occur during a cyberattack. When the TTPs of each attack are collated into an information repository, organisations can tap this knowledge bank to improve their cyberdefence systems for a better chance of combatting future attacks.

“We all face a common adversary in cyberattackers and these attackers are more than willing to work together to share vulnerabilities and sensitive information. As defenders, we should be doing the same.”

In a March report by Carbon Black, in collaboration with Optiv Security Inc, it was shown that 26% of surveyed financial institutions were targeted by destructive attacks — a whopping increase of 160% over the course of the year. The report stated that the destructive attacks were rarely conducted for financial gain. Rather, these attacks were punitive in nature and aimed at destroying data.

According to the report, titled Modern Bank Heists: The Bank Robbery Shifts to Cyberspace, 67% of financial organisations had reported an increase in cyberattacks over the previous 12 months and of those surveyed, 79% said cybercriminals were becoming more sophisticated.

“Perhaps the most concerning indication from this report is the stark increase in destructive attacks, which are rarely conducted for financial gain. Rather, these attacks are launched as punitive measures aimed at destroying data. Cybercriminals have formed sophisticated approaches to gain access to confidential banking and financial information and organisations need to be aware of the impending threats,” says Kellermann.

Most of the cyberattacks in Asia-Pacific come from hackers in North Korea and Vietnam, he adds. “The most prevalent tactics used in attacks in Asia-Pacific include fileless malware, island hopping from technology service provider networks and watering holes.”

Kellermann says 21% of surveyed financial institutions experienced a “watering hole attack” during the past year. Using this technique, cybercriminals set traps in websites that their target victims are known to frequent.

“In these attacks, financial institution and bank regulation websites are hijacked and used to pollute visitors’ browsers. This tactic is increasing in the wild as cybercriminals recognise the implicit trust consumers have in bank brands,” he adds.

The most common form of cyber intrusion is the social engineering attack, which affected 79% of the financial institutions. The report found that cybercriminals move through advanced TTPs to hide malicious activity and exploit weaknesses in people, processes and technology to gain a foothold that persists in the network. The criminals then gain the trust of the victim and access to critical resources.

But the most problematic and costly attack is one that uses a Trojan horse called Emotet. The report stated that attackers used variants of the destructive malware to incapacitate the financial sector.

Seeing that attackers have become more aggressive and migration to the cloud has undermined perimeter defence, financial institutions “must shift to an architecture of intrusion suppression, which entails detecting, diverting, containing and hunting an adversary in a clandestine fashion”, says Kellermann.

“To do this, visibility into the endpoint is imperative. Visibility can only be achieved by capturing all unfiltered data,” he adds.