
Beating back the ransomware threat in financial services


While the onslaught of ransomware threats from bad actors is unrelenting, the response from financial service institutions (FSIs) can be increasingly strong and more proactive, according to industry experts. 

Speaking at Tuesday’s SC Finance eConference, Jeramy Kopacko, senior solutions architect for Sophos, pointed out that cybercrime is a $1 billion-plus business already.

“You can go on the web and find open remote desktop servers that have been exploited for sale, to be bought and leveraged,” Kopacko said.  

“You don’t even need to be that skilled a hacker,” he noted, as there are an increasing number of “ransomware services” where prospective black-hat hackers can purchase a service to help them conduct ransomware exploits. 

With this in mind, Kopacko said that “people are starting to wake up. Awareness is starting to grow.” He pointed out the $500 million slated for the Cybersecurity and Infrastructure Security Agency (CISA) in President Joe Biden’s recent $1.7 trillion budget.

“We’re finally beginning to grow beyond these little tech silos,” Kopacko said, adding that challenges still remain. “There is some downside, too. People and insurers are getting sick of losses.”

Last year, cyber insurance providers paid out more than $1.6 billion, a 72% loss-ratio. Ransomware exploits have increased continuously year-over-year since 2017, according to Sophos. 

Indeed, it is expected that cyber-liability insurance premiums will continue to rise and coverage may decline, he added. Last year, $145 billion was spent on ransomware prevention and yet $945 billion was lost, and overall $1 trillion was spent in 2020 on security solutions, according to a Washington Post article cited by Kopacko. Still, the main security threats remain the same: phishing, spoofing, credential stuffing and remote access (especially recently) are the top threats that lead to ransomware.

Typically, many fraudulent forms of access start with a basic “phishing” play, or with a more targeted “spearphishing,” mobile text-based “smishing” or voicemail-oriented “vishing” play. Phishing emails may be old-school, as far as hacking is concerned, but (sadly) they still work and so they are still the go-to for many prospective cybercriminals. Indeed, according to research from Sophos, 42 percent of financial customers experience phishing or smishing attempts (as opposed to 40 percent across sectors).

When a phishing scam tells a financial customer that their account is frozen or may be in jeopardy, it's not surprising that they click the link or URL of a bad actor, thinking that is what is needed to correct their financial issues.

“When you install malware, steal information, [encourage] visiting a bad website, the average consumer that is not paying attention, is not alerted,” said Kopacko.  

When it comes to credential stuffing and identity theft, cybercriminals are mining much of their ill-gotten gains from the dark web. But the fact that many FSI customers reuse their financial access passwords for other online sites (music, dating, entertainment, etc.) makes these passwords more accessible. Kopacko recommended checking one’s history at haveibeenpwned.com, a site that informs consumers if their personal information has been compromised.

Financial customers need to not only be wary of potential stalking of their banking accounts, but their commerce and social media accounts as well. Kopacko pointed out that Apple, Amazon and Microsoft are the “three most spoofed brands in phishing attacks.” Hence, FSI customers must take care with the data they share with these sites, and consider carefully when they input data or simply correspond with these particular sites. 
