Nearly two-thirds (63%) of global financial institutions experienced a rise in destructive attacks over the past year, with many fearing further threats as the war in Ukraine escalates, according to VMware.
The firm polled 130 financial-sector CISOs and security leaders worldwide to compile its Modern Bank Heists report.
The number reporting an increase in destructive malware surged 17% from last year’s report, according to the firm’s head of cybersecurity strategy, Tom Kellermann.
Although criminals often use the technique to destroy evidence and throw incident response teams off the scent, there is the prospect of more attacks in which data wiping is the primary goal.
“Destructive attacks are launched punitively to destroy, disrupt, or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code,” said Kellermann.
“In fact, we’ve recently witnessed destructive malware like HermeticWiper being launched following Russia’s invasion of Ukraine. Notably, the majority of financial leaders I spoke to for this report stated that Russia posed the greatest concern to their institution.”
This week, the Five Eyes intelligence group repeated warnings of Russian state-backed attacks on Western critical infrastructure and potential threats from cybercrime groups in the region.
Banks would undoubtedly be in the crosshairs of possible cyber-retaliation, given the major impact of economic sanctions on Russia.
The report also revealed that three-quarters (74%) of respondents experienced at least one ransomware attack over the past year, with 63% paying the ransom – a figure Kellermann branded “staggering.”
Ransomware-as-a-service offerings and remote access tools (RATs) have helped cyber-criminals gain an advantage in this space, he argued.
“Ransomware has a sinister relationship with these RATs, given these tools allow bad actors to persist within the environment and establish a staging server that can be used to target additional systems,” Kellermann continued.
“Once an adversary has gained this limited access, they will typically work to monetize it by relying on the victim’s data for extortion (including double and triple extortion) or through stealing resources from cloud services using cryptojacking attacks.”