Report: Security incidents in finance sector 300 percent more frequent than other industries
Rerdom, Vawtrak and SearchProtect are among the top malware targeting organizations in the financial services sector.
Organizations in the financial services sector encounter security incidents about 300 percent more frequently than those in other industries, according to the “2015 Industry Drill-Down Report: Financial Services” from Websense.
The finding is based on data collected between January and May of this year by the Websense ThreatSeeker Intelligence Cloud. Researchers combed through the data to identify targets and stages of attacks, and also determined that the majority of threats have been originating from the U.S.
In a Tuesday email correspondence, Rajiv Motwani, director of security research with Websense Security Labs, told SCMagazine.com that the financial services sector is most targeted for a simple reason: money.
“Simply put, the financial services sector offers one of the richest potential returns on investment for cybercriminals motivated by money,” Motwani said. “Nation-states, terrorists, industrial spies and hacktivists have their own motivations, but cybercriminals attacking the financial services sector are often able to convert their activities directly into cash.”
Applying the data to the seven-stage kill chain for advanced threats – reconnaissance, lure, redirect, exploit kit, dropper file, call home, and data theft – researchers determined that, globally, 33 percent of lure stage attacks targeted the financial services sector.
“One of the common techniques in lure stage attacks is very targeted spear phishing emails,” Motwani said, adding, “A good lure stage attack targeting someone working at a bank might appear to come from a known email address – a coworker, a supervisor, a vendor, or a customer. The look and feel of the email, from the fonts, grammar, jargon and graphics, would appear trustworthy.”
Taking a look at the top malware targeting the finance sector, researchers observed Rerdom being used 30 percent of the time, Vawtrak and SearchProtect being used 13 percent of the time, and BrowseFox being used four percent of the time.
Additionally, the report said that Geodo malware targets the financial services sector 400 percent more often than other industries.
To address the threat posed by malware, organizations must use updated security products, use technology for fraud detection, adopt a risk mitigation strategy, balance prevention and detection, and increase the security IQ of both stakeholders and end users, Motwani said.
Other non-malware threats targeting the financial services sector are also on the rise, including typosquatting domains. This attack, which is typically targeted, tricks a victim into taking a malicious action by using a domain name that looks official but in which letters and numbers have been replaced with similar-looking characters, or in which characters have been switched around.
“Defending against typosquatting requires a combination of user education and technology to be effective,” Motwani said. “It can start with typosquatting yourself – registering domains that are similar to your own as part of a preemptive risk mitigation strategy.”
Motwani continued, “For end users, examine the email you receive – visually inspect links, look for URLs which may look similar – the lowercase L used instead of the number 1, the numeral 0 instead of the letter O, or combinations of letters which appear, at a glance, to be a different letter – lowercase R and N (rn) can look like a lowercase M, or lowercase C and L (cl) can look like a lowercase D. Other end user training is to log in to systems only with known good bookmarks, and to not click links in email.”
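The visual checks described above can also be automated on the mail gateway or in a triage script. The following Python sketch is an added example, not part of the Websense report or Motwani's comments: it folds the lookalike substitutions named in the article (1/l, 0/o, rn/m, cl/d), detects a single pair of switched characters, and flags links in a message body that imitate a protected domain. The domain names, the sample email and all function names are constructed for illustration, and the check compares whole hostnames only.

```python
import re
from urllib.parse import urlsplit

# Substitutions named in the article: 1 for l, 0 for o, "rn" for m, "cl" for d.
SINGLE = str.maketrans({"1": "l", "0": "o"})
PAIRS = (("rn", "m"), ("cl", "d"))
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def skeleton(domain):
    """Fold lookalike characters so visually similar domains compare equal."""
    s = domain.lower().translate(SINGLE)  # single characters first, so "c1" becomes "cl"
    for pair, single in PAIRS:
        s = s.replace(pair, single)
    return s

def is_adjacent_swap(a, b):
    """True when b is a with exactly one pair of neighbouring characters switched."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def classify(domain, protected):
    """Return (imitated_domain, reason), or None for an exact or unrelated domain."""
    domain = domain.lower().rstrip(".")
    if domain in protected:
        return None
    for good in sorted(protected):
        if skeleton(domain) == skeleton(good):
            return good, "lookalike-characters"
        if is_adjacent_swap(domain, good):
            return good, "switched-characters"
    return None

def suspicious_links(text, protected):
    """Check every http(s) link in a message body against the protected domains."""
    hits = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        verdict = classify(host, protected)
        if verdict:
            hits.append((host, *verdict))
    return hits

# Constructed sample data: hypothetical domains under the reserved .example TLD.
PROTECTED = {"cornerbank.example", "cloudpay.example"}
SAMPLE_EMAIL = """Review the wire transfer at https://comerbank.example/login
Your statement: https://cornerbank.example/statements
Invoice portal: http://c1oudpay.example/invoice
Reset here: https://cornrebank.example/reset"""
```

The same `classify` function can be run over a list of newly observed or newly registered domains to decide which lookalikes are worth registering preemptively.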