Ransomware plagues financial industry as cyberattacks grow more complex

According to VMware’s latest Modern Bank Heists report, ransomware is plaguing financial institutions as they face more complex threats than in previous years, driven by the changing behavior of cybercriminal cartels.

According to the report, this comes as cybercrime cartels have evolved beyond wire transfer fraud to target market strategies, take over brokerage accounts and island hop into banks.

For the report, VMware interviewed 130 finance industry CISOs and security leaders from different regions, including North America, Europe, Asia-Pacific, Central and South America, and Africa.

The report’s findings were consistent with the observations of other security experts. “The Secret Service, in its investigative capacity to protect the nation’s financial payment systems and financial infrastructure, has seen an evolution and increase in complex computer fraud,” said Jeremy Sheridan, former deputy director of the US Secret Service. “The persistent and inadequate security of Internet-connected systems provides an opportunity and a methodology.”

Conti ransomware reported as the most prevalent

Ransomware continues to plague organizations, with 74% of security officers surveyed saying they had experienced one or more attacks in the past year, and 63% saying they eventually paid a ransom. Conti ransomware turned out to be the most widespread.

Sixty-three percent of respondents acknowledged having experienced an increase in “destructive attacks” in which cybercriminals destroy data and evidence of their intrusion. This is a jump of 17% over last year. These attacks involve variants of malware that destroy, disrupt, or degrade victim systems by taking actions such as file encryption, data deletion, destruction of hard drives, interrupting connections, or running malicious code.

Although 71% of survey participants noted an increase in wire transfer fraud in their organization, many said cybercriminals have shifted from wire transfer fraud and access to capital to targeting non-public market information. Two out of three financial institutions (66%) experienced attacks targeting data related to market strategies.

“The most targeted market strategies are long-term portfolio positions, confidential M&A information, and IPO filings,” said Tom Kellermann, chief cybersecurity strategy officer at VMware. “Modern market manipulation aligns with economic espionage and can be used to digitize insider trading.”

Additionally, security officials at 63% of financial institutions surveyed said they experienced an increase in brokerage account takeovers, up from 41% last year. Attackers are increasingly exploiting compromised login credentials to move freely around the network and access brokerage accounts.

Survey respondents also said they had observed Chronos attacks, a term borrowed from the Greek god of time, which involve the manipulation of timestamps on securities trades. Sixty-seven percent of financial institutions reported Chronos attacks, and 44% of those attacks targeted market positions.

“Although the damage radius of Chronos attacks is not large, time manipulation undermines security, soundness, trust and confidence in the financial industry,” Kellermann says. “Financial institutions need to keep a close eye on the clock and ensure that security teams are ready to protect the integrity of time.”

Island hopping has become one of the most threatening attack trends and was reported to affect 60% of surveyed financial institutions, a jump of 58% from last year. In island hopping, cybercriminals study the interdependencies of financial institutions and work out which managed service provider (MSP) each one uses. This, in turn, allows them to target these providers in order to island hop into the bank.

Cryptocurrency exchanges have become a major concern over the years, with around 83% of respondents expressing concerns about their security.

Main Defenses for CISOs of Financial Firms

The report recommended a few top defenses for CISOs and security managers to defend against these attacks:

  • Integrate NDR with EDR: Network Detection and Response (NDR) should integrate with Endpoint Detection and Response (EDR) for continuous real-time monitoring of systems to detect and investigate potential threats.
  • Apply micro-segmentation: Limiting lateral movement by enforcing trust boundaries will improve detection.
  • Deploy Decoys: Use deception technology to deflect the intruder.
  • Implement DevSecOps and API security: Introduce security early in the application development lifecycle.
  • Automate vulnerability management: Prioritize risks to focus on high-risk vulnerabilities.

“Investments in API security and workload security are needed, and increased dialogue between the monitoring department and information security departments must take place to thwart digital front-running,” says Kellermann. “The CISO must also report to the CEO and regularly brief the board to ensure a smooth and transparent flow of discussion.”

Copyright © 2022 IDG Communications, Inc.
