Destructive Attacks Surged in 2020 for Financial Institutions

Cyber-attacks against global financial institutions are increasingly characterized by attempts to counter incident response, with destructive efforts surging 118% over the past year, according to VMware.

The tech giant’s Modern Bank Heists 4.0 report was compiled from interviews with over 120 CISOs and security leaders from some of the world’s biggest banks.

It revealed that attackers are becoming increasingly adept at circumventing incident responders — in fact, counter incident response happened 63% of the time over the past year.

This includes activities such as blocking events from hitting SIEM systems, disabling security tools, clearing logs, manipulating time stamps and deploying destructive malware and wipers.

More than half (54%) of respondents said they experienced destructive attacks over the past year.

Elsewhere, supply chain attacks are also on the rise as threat actors look for easier ways to bypass corporate security.

Nearly two-fifths (38%) of respondents said they’d experienced an increase in so-called island hopping, where a supplier is attacked en route to a bigger target. This figure was itself a 13% increase on last year.

As for the end goals of attacks, they appear to be wire transfer fraud, recorded by 57% of respondents, and insider trading. On the latter, 41% of financial institutions said they’d experienced an increase in brokerage account takeovers, enabling attackers to gather intel to make strategic financial bets.

Even more (51%) said they’d experienced attacks targeting non-public information, which again could be used to provide intel for trades.

VMware had several recommendations for security teams including: integrating network detection and endpoint protection; conducting weekly threat hunting exercises; deploying workload security; and using deception practices.

It also urged incident response teams to spend more time monitoring after an attack is discovered, to understand all avenues of entry used by the threat actors. Agents should be deployed in monitor-only mode and renamed to something innocuous to ensure attackers don’t catch on and change their tactics, VMware added.

Tom Kellermann, head of cybersecurity strategy at VMware’s Security Business Unit, argued that organized cybercrime gangs continue to evolve their tactics.

“These groups have become national assets for the nation-states who offer them protection and power. In tandem with this, we’ve seen traditional crime groups digitize over the past year as the pandemic hampered them from conducting business as usual,” he added.

“This has popularized the industry of services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organized crime counterparts.”
