{"id":904,"date":"2024-11-20T09:01:00","date_gmt":"2024-11-20T09:01:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=904"},"modified":"2024-11-20T09:01:00","modified_gmt":"2024-11-20T09:01:00","slug":"11-biggest-financial-sector-cybersecurity-threats","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=904","title":{"rendered":"11 biggest financial sector cybersecurity threats"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The financial sector faces a wide array of serious security threats that will only increase as cybercriminals make greater use of AI.<\/p>\n<p>Financial sector firms are uniquely exposed to cyber risk due to the large amounts of sensitive data and transactions they process. Common cyber risks across the sector include phishing, ransomware, data breaches, denial-of-service attacks, and advanced persistent threats.<\/p>\n<p>The shift to hybrid work models, the increasing adoption of cloud computing, and the emergence of novel threats against legacy cryptography heap further pressure on hard-pressed financial sector CISOs \u2014 who already face the burden of achieving compliance with numerous laws, regulations, and standards governing the sector.<\/p>\n<p>Following are the most significant cyber threats financial companies face today.<\/p>\n<h2 class=\"wp-block-heading\">1. Ransomware<\/h2>\n<p>Two-thirds (65%) of financial institutions worldwide <a href=\"https:\/\/www.statista.com\/statistics\/1460896\/rate-ransomware-attacks-global\/\">reported ransomware attacks in 2024<\/a>, a sharp rise from 34% in 2021, according to Statista. 
The average ransom demand is US$4.2 million, according to <a href=\"https:\/\/www.comparitech.com\/blog\/vpn-privacy\/ransomware-finance-sector\/\">recent research by cybersecurity reviews website Comparitech<\/a>, which found the average ransom paid out was even higher, at US$7.4 million.<\/p>\n<p>Comparitech identified a total of 395 individual <a href=\"https:\/\/www.csoonline.com\/article\/563507\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">ransomware<\/a> attacks on financial organizations over recent years with peaks in 2023 (105) and 2021 (104).<\/p>\n<p>\u201cOrganizations need to be mindful that paying a ransom might return access to systems but doesn\u2019t remove attacker access or necessarily prevent them selling the data they\u2019ve successfully targeted,\u201d warns David Higgins, senior director of the field technology office at identity management vendor CyberArk.<\/p>\n<p>More generally, malware attacks against finance sector firms doubled last year, according to <a href=\"https:\/\/www.sonicwall.com\/resources\/white-papers\/2024-sonicwall-cyber-threat-report\">network security vendor SonicWall<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">2. 
Phishing and social engineering<\/h2>\n<p>The financial services industry is also a prime target for brand impersonation attacks due to its vast amounts of sensitive data, such as banking credentials and <a href=\"https:\/\/www.csoonline.com\/article\/571817\/what-is-pii-examples-laws-and-standards.html\">personally identifiable information (PII)<\/a>.<\/p>\n<p>Two-thirds (68%) of identified phishing pages from August 2023 through July 2024 targeted financial institutions and their customers, according to a <a href=\"https:\/\/www.akamai.com\/blog\/security-research\/financial-services-is-awash-in-attacks\">recent report by cybersecurity and content delivery vendor Akamai<\/a>.<\/p>\n<p>Information obtained via counterfeit banking sites allows cybercriminals to either loot online accounts or sell stolen banking credentials through underground marketplaces.<\/p>\n<p>Credentials for e-wallets and cryptocurrency accounts can be sold on the dark web for anywhere from US$120 to US$400. The high payoff of such schemes makes financial services prime targets of both brand abuse and phishing attacks.<\/p>\n<p>Introducing stronger identity verification and multifactor authentication (MFA) can reduce exposure to phishing attacks. Introducing technologies to guard against email fraud and spoofing is also beneficial.<\/p>\n<p>\u201cOrganizations should deploy email authentication protocols such as Domain-based Message Authentication, Reporting &amp; Conformance [<a href=\"https:\/\/www.csoonline.com\/article\/564563\/mastering-email-security-with-dmarc-spf-and-dkim.html\">DMARC<\/a>] protection to prevent cybercriminals from spoofing their identity and reduce the risk of email fraud associated with their brand,\u201d advises Matt Cooke, cybersecurity strategist at email security experts Proofpoint.<\/p>\n<h2 class=\"wp-block-heading\">3. 
Distributed denial of service (DDoS)<\/h2>\n<p>Financial organizations rely on high availability, so <a href=\"https:\/\/www.csoonline.com\/article\/571981\/ddos-attacks-definition-examples-and-techniques.html\">DDoS attacks<\/a> pose a severe threat.<\/p>\n<p>The finance industry faces significant threats from hacktivist groups who target financial institutions \u2014 perceived as symbols of economic power \u2014 with DDoS attacks to advance political or social agendas, creating inconvenience and financial loss while drawing public attention to their causes.<\/p>\n<p>DDoS attacks are often driven by geopolitical tensions, including the Israel-Hamas conflict and the war in Ukraine. For example, a recent politically motivated DDoS attack in July <a href=\"https:\/\/www.akamai.com\/blog\/security\/akamai-blocked-419-tb-of-malicious-traffic\">targeted a major financial services company in Israel<\/a>, originating from a globally distributed botnet, and lasted nearly 24 hours, peaking at 798Gbps.<\/p>\n<p>The global financial services industry was more frequently targeted by DDoS attacks than any other business sector in the first half of 2024, according to Akamai.<\/p>\n<p>The issue is far from limited to conflict zones.<\/p>\n<p>In the first half of 2024, insurance agencies and brokerages were among the <a href=\"https:\/\/www.netscout.com\/threatreport\/key-findings\/\">top 10 most targeted sectors<\/a> by cybercriminals in EMEA, according to network performance management vendor NetScout.<\/p>\n<p>\u201cCritical infrastructure sectors, particularly banking and financial services, have experienced a 55% increase in DDoS attack activity over the last four years,\u201d Richard Hummel, threat intelligence lead for NetScout, tells CSO.<\/p>\n<h2 class=\"wp-block-heading\">4. 
Advanced persistent threats (APTs)<\/h2>\n<p>Financial institutions are frequently targeted by state-sponsored \u2014 mostly by North Korea or Iran \u2014 and other APT attackers who seek to either steal funds, manipulate the financial system, or gain intelligence.<\/p>\n<p>\u201cAPT groups will continue to use sophisticated tactics, including living-off-the-land (LotL) techniques, to remain undetected,\u201d threat intel firm ReliaQuest <a href=\"https:\/\/www.reliaquest.com\/blog\/threat-landscape-report-finance-insurance-sector\/\">warns<\/a>. \u201cSecuring sensitive digital assets and enhancing transaction security are critical for the sector.\u201d<\/p>\n<p>North Korean state-sponsored actors, such as Lazarus, are well known for monetizing cyberattacks \u2014 most notoriously through the <a href=\"https:\/\/www.csoonline.com\/article\/574727\/lazarus-group-infiltrated-south-korean-finance-firm-twice-last-year.html\">February 2016 cyber heist<\/a> of a Federal Reserve Bank of New York account belonging to Bangladesh Bank. More recently North Korean cyberspies have targeted cryptocurrency exchanges and wallets to steal or launder cryptocurrency.<\/p>\n<h2 class=\"wp-block-heading\">5. Insider threats<\/h2>\n<p>Insider threats, often exacerbated by overprivileged access and embedded secrets, are a prominent risk in financial organizations.<\/p>\n<p>A disgruntled or mendacious employee with privileged access to systems and data can cause a great deal of harm. \u201cIn the finance industry, insider threats can lead to data breaches, fraud, or theft of sensitive financial information,\u201d security vendor <a href=\"https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/cyber-security-in-finance\/\">SentinelOne warns<\/a>.<\/p>\n<p>The risk can be mitigated in part by managing access controls and ensuring sensitive information is accessible only to authorized personnel.<\/p>\n<h2 class=\"wp-block-heading\">6. 
Security debt<\/h2>\n<p>Flaws that remain unfixed for longer than a year exist in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to <a href=\"https:\/\/www.veracode.com\/sites\/default\/files\/2024-10\/Financial-Services-State-of-Software-Security-2024.pdf\">recent research by application risk management vendor Veracode<\/a>.<\/p>\n<p>Veracode researchers found 40% of all applications in the financial sector have security debt, marginally better than a cross-industry average of 42%. Only 5.5% of financial sector applications are flaw free.<\/p>\n<p>The majority (84%) of all security debt affects first-party code, but the majority (78%) of critical security debt comes from third-party dependencies. Researchers found that financial organizations fix half of first-party flaws in the first nine months, compared to 13 months for third-party flaws.<\/p>\n<p>Delays in fixing, or at least remediating, insecure code threaten financial sector security, according to Veracode, which warns that security debt in the financial sector is escalating rather than improving.<\/p>\n<h2 class=\"wp-block-heading\">7. 
Software supply chain risks<\/h2>\n<p>The latest edition of <a href=\"https:\/\/www.verizon.com\/business\/resources\/Te3\/reports\/2024-dbir-data-breach-investigations-report.pdf\">Verizon\u2019s Data Breach Investigations Report<\/a> warned of a 68% surge in breaches resulting from <a href=\"https:\/\/www.csoonline.com\/article\/561323\/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html\">supply chain attacks<\/a> over the past year, particularly targeting critical vendors in software, data processing, and IT infrastructure.<\/p>\n<p>\u201cSupply chain cyber threats also pose a significant risk to the FSI [financial services and insurance] sector, especially with the increase in reliance on third-party IT services,\u201d Lewis Duke, SecOps and threat intelligence lead at Trend Micro, tells CSO.<\/p>\n<p>Last December a ransomware attack on a service provider left 60 US credit unions facing outages. An earlier <a href=\"https:\/\/www.csoonline.com\/article\/570191\/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\">2020 supply chain attack on SolarWinds\u2019s Orion<\/a> network monitoring software, widely used in government and industry, served as a wakeup call about the class of threat.<\/p>\n<p>\u201cTo mitigate this risk, FSI organisations must implement rigorous <a href=\"https:\/\/www.csoonline.com\/article\/1305977\/6-best-practices-for-third-party-risk-management.html\">vendor risk management programs<\/a>, and conduct thorough security assessments and audits of third-party providers,\u201d Trend Micro\u2019s Duke advised.<\/p>\n<p>Vulnerabilities in open-source components and third-party libraries are increasingly exploited in sophisticated supply chain attacks, experts warn.<\/p>\n<p>\u201cSBOM [<a href=\"https:\/\/www.csoonline.com\/article\/573185\/what-is-an-sbom-software-bill-of-materials-explained.html\">software bills of materials<\/a>] automation tools scan dependencies to identify and 
mitigate vulnerabilities early in the development lifecycle, reducing exposure to these threats,\u201d says Philip Pearson, field CISO at cloud-native application security vendor Aqua Security.<\/p>\n<h2 class=\"wp-block-heading\">8. Cryptojacking<\/h2>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/564521\/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html\">Cryptojacking<\/a> occurs when malware infiltrates an organization\u2019s network and steals resources to mine cryptocurrency. Threat actors spread this malware through malicious websites, browser extensions, phishing emails, unsecured cloud instances, and by exploiting vulnerabilities.<\/p>\n<p>The scam is on the rise with security researchers reporting a 659% year-on-year rise in global cryptojacking by the end of 2023, according to SonicWall.<\/p>\n<p>ReliaQuest warns both financially motivated cybercriminals and nation-state-backed APT groups pose cryptojacking threats to the finance industry, which they covet for its huge computational resources.<\/p>\n<h2 class=\"wp-block-heading\">9. Emerging quantum threats to encryption<\/h2>\n<p>Quantum computers are advancing toward solving complex mathematical problems that underlie today\u2019s public-key cryptography. Once operational, they could render current encryption obsolete, exposing sensitive financial data to breaches.<\/p>\n<p>\u201cQuantum computers present a threat to RSA or elliptic curve-based public key encryption systems that financial sector organizations rely on to protect sensitive data,\u201d says Dr. Marc Manzano, general manager for cybersecurity at AI and quantum technologies specialist SandboxAQ. 
\u201cTo mitigate this risk, financial institutions need to establish comprehensive programs to modernize cryptography management.\u201d<\/p>\n<p>Fortunately, the threat has been long-anticipated and development of cryptographic algorithms secure against cryptanalytic attacks by a quantum computer <a href=\"https:\/\/www.csoonline.com\/article\/654887\/11-notable-post-quantum-cryptography-initiatives-launched-in-2023.html\">has been in the works for years<\/a>.<\/p>\n<p>The US National Institute of Standards and Technology (NIST) <a href=\"https:\/\/www.csoonline.com\/article\/3487766\/cisos-urged-to-prepare-now-for-post-quantum-cryptography.html\">released its first set of quantum-resistant algorithms<\/a> in August 2024. Early adoption of these technologies aligns institutions with global best practices and regulatory expectations.<\/p>\n<p>The G7 Cyber Expert Group (CEG) \u2014 chaired by the US Department of the Treasury and the Bank of England \u2014 is <a href=\"https:\/\/home.treasury.gov\/system\/files\/136\/G7-CYBER-EXPERT-GROUP-STATEMENT-PLANNING-OPPORTUNITIES-RISKS-QUANTUM-COMPUTING.pdf\">advising financial authorities and institutions to take proactive measures against quantum risks<\/a>.<\/p>\n<p>Organizations should plan for a <a href=\"https:\/\/www.csoonline.com\/article\/3552701\/the-cisos-guide-to-establishing-quantum-resilience.html\">phased migration of their IT infrastructure<\/a> to quantum-resistant encryption, ensuring continued data security in a post-quantum era.<\/p>\n<h2 class=\"wp-block-heading\">10. Emerging AI-assisted attacks<\/h2>\n<p>AI speeds up credential stuffing and <a href=\"https:\/\/www.csoonline.com\/article\/569513\/brute-force-attacks-explained-and-why-they-are-on-the-rise.html\">brute-force attacks<\/a>, allowing cybercriminals to test passwords at a rate no human could match. 
Gen AI tools can also be abused to create <a href=\"https:\/\/www.csoonline.com\/article\/656698\/generative-ai-phishing-fears-realized-as-model-develops-highly-convincing-emails-in-5-minutes.html\">much more convincing phishing scams<\/a>.<\/p>\n<p>\u201cThe misuse of AI has stepped up phishing efforts,\u201d according to Megha Kumar, chief product officer at global cyber consultancy CyXcel. \u201cForget those obvious, typo-filled scam emails. Now, cybercriminals can send highly tailored, professional-looking messages that are much more likely to trick people.\u201d<\/p>\n<p>\u201cWhile commercial generative AI tools, such as ChatGPT, have attempted to build guardrails to prevent bad actors from using the technology for malicious purposes, adversarial tools such as WormGPT have emerged to fill the gap for attackers,\u201d adds Keiron Holyome, VP of UKI and emerging markets at BlackBerry Cyber.<\/p>\n<p>Research has shown <a href=\"https:\/\/www.vice.com\/en\/article\/how-i-broke-into-a-bank-account-with-an-ai-generated-voice\/\">gen AI can be abused to create fraudulent voice imprints<\/a> capable of circumventing biometric identification tools used by banks.<\/p>\n<p>That\u2019s just the start of it.<\/p>\n<p>Criminals might use AI to comb through huge data sets quickly, identifying valuable targets for data theft, among other malicious applications.<\/p>\n<p>\u201cMalware empowered by AI can learn typical user or network behaviors, enabling attacks or data exfiltration that evades detection by better mimicking normal activity,\u201d Holyome says. \u201cAI-powered reconnaissance tools may facilitate autonomous scanning of networks for vulnerabilities, choosing the most effective exploit automatically.\u201d<\/p>\n<h2 class=\"wp-block-heading\">11. 
Tougher regulatory regimes<\/h2>\n<p>Not a cyber threat per se, but banks, insurance, and investment firms in particular are subject to an increasingly wide range of regulations and compliance requirements, with new cybersecurity strictures upcoming.<\/p>\n<p>\u201cFailing to implement appropriate cybersecurity measures may expose [finance sector organizations] to reputational as well as enforcement risks, including severe fines under the GDPR,\u201d warns Sarah Pearce, partner at law firm Hunton Andrews Kurth. \u201cWe are seeing an increased focus on operational resilience with upcoming legal frameworks on cybersecurity evolving and becoming more prescriptive.\u201d<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/570091\/eus-dora-regulation-explained-new-risk-management-requirements-for-financial-firms.html\">DORA (Digital Operational Resilience Act) regulations<\/a> are set to take effect across the EU in January 2025, bringing with them a requirement for banks to establish comprehensive risk management frameworks.<\/p>\n<p>\u201cWithin the next year, banks will, for example, be required to comply with considerable cybersecurity obligations under DORA,\u201d according to Pearce. \u201cObligations will vary depending on the specific type of products and services they offer.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The financial sector faces a wide array of serious security threats that will only increase as cybercriminals make greater use of AI. Financial sector firms are uniquely exposed to cyber risk due to the large amounts of sensitive data and transactions they process. 
Common cyber risks across the sector include phishing, ransomware, data breaches, denial-of-service [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":905,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-904","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/904"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=904"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/904\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/905"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}