Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cyber Threats Every Financial Services Firm Should Know About

The financial services industry is among the most heavily targeted sectors by cybercriminals. In 2015 we saw a surge in attacks that involved extortion, social engineering, credential-stealing malware and sophisticated threats. In order to better defend against these unrelenting and increasingly malicious attacks, financial institutions must continually strive to understand the threats and the actors behind them.

The financial services industry is among the most heavily targeted sectors by cybercriminals. In 2015 we saw a surge in attacks that involved extortion, social engineering, credential-stealing malware and sophisticated threats. In order to better defend against these unrelenting and increasingly malicious attacks, financial institutions must continually strive to understand the threats and the actors behind them.

Based on correlating sector data and analyzing changes month on month here is a brief overview of the new threats and tactics, techniques and procedures (TTPs) that security professionals in the financial services sector should know about. With relevant and contextual insight, security teams can increase their cyber situational awareness and better align security strategies in 2016.

Cyber Threats 1. Extortion. Two main actors, DD4BC and the Armada Collective, led the way in Distributed Denial of Service (DDoS) extortion in 2015. They use similar TTPs to extort Bitcoins from victims, beginning by notifying them that they are vulnerable to a DDoS attack and increasing attack activity and the ransom request if they are ignored. By the end of the year more bad actors jumped into the fray including a group called Hacker Buba which began tweeting links to customers’ private financial data when its extortion attempts were unsuccessful.

2. Social media attacks. There were several notable examples of attackers misusing social media profiles, hiding behind fake profiles to gain trust and extract information for social engineering purposes. Toward the latter part of 2015 both Facebook and Twitter began proactively monitoring for suspicious activity and notifying users if they believe their accounts had been targeted or compromised.

3. Spear phishing and whaling. Achieved by the use of reconnaissance to make messages appear more genuine, spear phishing attacks masquerade as a legitimate individual or institution and co-opt their established trust to coerce the target into providing credentials to the attacker. Whaling, targeting multiple victims for larger sums of money, takes this method to the next level and escalated in 2015. It involves spoofing executives’ emails – often those of CEOs – to dupe finance departments to make large transfers into fraudulent accounts. The directive often includes a URL that appears to be a legitimate financial services website but in fact redirects the target to an alternative site.

4. Point-of-Sale malware. PoS systems remain a target for criminals despite the adoption of the Europay, MasterCard and Visa (EMV) standard. A number of variants of POS malware, including LusyPOS and BlackPOS, have been observed recently. There is also some evidence that cloning of EMV credit cards is possible.

5. ATM malware. Various ATM-specific malware threats were discovered in 2015. GreenDispenser infects ATMs and allows criminals to extract large sums of money while avoiding detection. Reverse ATM attacks also emerged. These attacks use a combination of compromised PoS terminals and ‘money mules’ in order to reverse transactions after money has been withdrawn physically or sent to another bank account.

6. Other notable threats. Credential-stealing malware targeting banking customers is on the rise. For example, Dridex has been very active in 2015 and has garnered significant international law-enforcement attention. Exploit kits, which offer a user-friendly way for attackers to infect victims, are also highly active with some of the more popular kits, like the Angler Exploit Kit, incorporating the ability to take advantage of new vulnerabilities extremely quickly.

Advertisement. Scroll to continue reading.

7. Sophisticated financial services threats. Throughout 2015 multiple threat actors used sophisticated TTPs in order to infiltrate organizations and exfiltrate valuable data. Typical TTPs include the use of social engineering such as spear phishing, network intrusion techniques and custom malware toolsets and utilities. Examples of such threats include Desert Falcon and Equation Group which target multiple geographies and multiple sectors, including financial services. An organized gang named Anunak/Carbanak targeted financial institutions specifically. This particularly advanced group broke into internal networks, installed malicious software and took control of victims’ machines to drain bank ATMs of cash and steal money using the SWIFT network.

The financial services sector will likely continue to experience cyber threats more frequently than other industries and from threat actors with access to a range of TTPs. While companies and law enforcement are working together to identify and stop these attacks and the groups behind them, financially-motivated cybercriminals never rest. Organizations must continue their quest for better threat protection and risk mitigation. By understanding which malicious actors may target an institution, why, and their methods of attack, financial services firms can enhance their cyber situational awareness and make more informed decisions about where and how to focus their security resources.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...