Modern bank heists: Cybercriminals increasingly target the financial industry
by Tina Siering
The financial sector: targeted by criminals since early times
Banks perform a key function in the national economy and have a central responsibility: the banking business must function! Impairments or even massive disruptions must be prevented at all costs. Online banking customers must also protect themselves at all costs, because in recent years the threat of cyberattacks on Germany's economy and thus also on the financial sector has increased considerably.
Most online banking users have already received warnings and tips on how to avoid becoming a target for criminals. Phishing emails and targeted spear phishing attacks on individuals are widespread; what is more, in most cases a successful cyberattack initially takes place via phishing. For years, criminals have been sending millions of e-mail messages that look as if they come from a bank. Banks therefore go to great lengths to educate their employees and customers about the risks of online banking Trojans. These viruses, which specialize in banking, come in countless variations. The rule is therefore: "Think before you click".
For example, banks educate online banking users about social engineering methods. The well-known scam of obtaining account information by means of fictitious telephone calls is still being used; it is the "evergreen" among fraud schemes and unfortunately far from being an outdated model. Often, the telephone number is manipulated to make it look as if the bank is actually calling (caller ID spoofing). All alarm bells should ring if the caller, using whatever argument, demands access to the PC by means of remote maintenance software! A decisive factor in the success of these schemes is the progress made in the field of artificial intelligence (AI). With the help of AI-manipulated voices, the attacks are perfected. These so-called deepfakes also include fake videos.
After all, identifying security vulnerabilities and planning suitable attack scenarios still requires skilled IT security experts. These experts can also keep a close eye on other potential risks in the financial sector and, if necessary, take countermeasures. One such risk is the small number of IT service providers and cloud providers: a failure or limited availability here would quickly have drastic effects.
Investment fraud via fraudulent trading platforms has picked up speed. Online ads lure unsuspecting investment seekers to online trading portals where, after registration, contact is established with a personal "investment advisor". The latter promises high profits and persuades the victims to make ever higher investments.
However, cybercrime in the financial sector also takes place away from traditional fiat currencies. In 2021, for example, cryptocurrency holders on the Poly Network exchange network were robbed: by bypassing security measures, criminals managed to steal more than $600 million worth of digital currencies.
Current study reveals: Old motives, new methods
Cybercrime in the financial sector has already been industrialized to such an extent that global losses are expected to reach around six trillion U.S. dollars by 2023. According to experts, this sum will even double by 2025. And this is despite the fact that financial institutions - historically speaking - have particularly long experience in protecting their technical infrastructures.
After all, cyberattacks have been a relevant topic since the beginning of online banking in November 1980. Since then, security systems have been continuously developed. Investments in this area have been correspondingly high. According to a global survey by the cybersecurity company Kaspersky, banks are the leaders in cybersecurity investments when broken down by number of employees.
The latest study from software company VMware, titled "Modern Bank Heists," indicates that 63% of financial firms surveyed experienced a higher number of cyberattacks in 2021 compared to the previous year. Sixty-six percent of financial institutions recorded attacks aimed at exploring non-public market and company data - meaning they were more likely to be economic espionage than traditional money theft.
Of the financial firms surveyed, 74% suffered a ransomware attack - and 63% of those affected paid the ransom! A relatively direct way to capture digital currency is to interfere with transfer transactions that take place in cryptocurrencies. Accordingly, 83% of study participants were concerned about the security of crypto transfers.
It's not just about the money: How a digital bank heist works
VMware's latest report details how cybercriminals are now targeting non-public market information instead of directly extracting funds. Cyberattacks on the financial industry often focus on ransomware attacks that involve tapping sensitive information which can be used to extort companies, such as information about public offerings, specific transactions or confidential earnings estimates.
One means of achieving these goals is often the use of remote access Trojans (RATs). Cybercriminals rely on RATs, which make the attack take longer but are more difficult to contain. This form of malware aims to provide the attacker with information about the infected system or to give the attacker control over the computer. Thus, manually hacking into a system environment with highly functional remote access software to attack specific system areas is a strategy that often remains under the radar of IT security officers until it is too late.
Also very popular among digital bank robbers is so-called island hopping, which involves hijacking a financial institution's digital transformation. Fifty-eight percent of the companies surveyed in the VMware study said they had experienced a higher number of such attacks in 2021 than in the previous year. In island hopping, smaller partner companies of the actual target company are seen as islands to be occupied in order to get to the big target. For example, marketing, payroll or healthcare companies are infiltrated. They usually have more vulnerable security systems than large financial institutions. After criminal hackers have stolen access data there, they can easily obtain sensitive data from the target financial institution.
How financial firms protect themselves from digital bank heists
The majority of financial industry organizations plan to increase their cybersecurity budgets by 20% to 30% in 2022, according to the VMware report, which also reports that most investments are being considered in the areas of extended detection and response (XDR), workload security and mobile security.
Not to be forgotten, however, is that cross-enterprise and cross-sector networking among cybersecurity professionals can be a tool in defending against cyberattacks. IT managers should be empowered to inform each other about attacks taking place and to jointly evaluate incidents.
To reduce the danger of cyberattacks, the following preventive guidelines should be followed:
- Complete and regular backup of corporate data in a secure archive that is segmented from the network
- Multi-factor authentication for all employees to reduce the risk of phishing and social engineering
- Raise employee awareness, including through social engineering training, manuals or action plans, and incident response readiness training
- Proactive early attack detection through threat hunting tools such as Allgeier secion's managed Active Cyber Defense (ACD) service, which monitors the corporate network 24/7 for anomalies.
Financial institutions can defend themselves against increasing cyberattacks: In recent decades, criminals have expanded their portfolio and are attacking digitally more frequently to capture data and access transactions. At the same time, the financial industry is continuously adapting its security measures. In addition to employee training and sharing with other financial firms, the use of proactive security software is essential. Allgeier secion's ACD service, as an effective early attacker detection, continuously analyzes your corporate network for anomalies. It immediately reports intruders, thus depriving them of the opportunity to let time work for them - and in doing so, compared to a SIEM and your own SOC, as a managed service, it is a leaner, more cost-effective and more secure solution.