Threat Management, Threat Management, Data Security, Risk Assessments/Management

Cyberattacks on financial firms are more damaging, target sensitive data

The New York Stock Exchange stands in lower Manhattan on May 11, 2021, in New York City. (Photo by Spencer Platt/Getty Images)

Just as the tools to limit financial fraud have evolved, so have the threats aimed at U.S. financial firms, in terms of more advanced and subtle intrusions, and where they strike, according to a recent study.

Two-thirds (66%) of financial service institutions experienced attacks targeting their “market strategies ... [in a way that] aligns with economic espionage and can be used to digitize insider trading and front-run the market,” according to a release on VMware’s fifth annual Modern Bank Heists report, released last week.

Once cyber-thieves get access to a financial network, the report found, they are not simply aiming to make fraudulent wire transfers or access capital. Instead, savvy cybercrime syndicates are collecting nonpublic market information, including earnings estimates, public offerings and “significant transactions” which underscore FSIs’ market strategies.

Moreover, cyber-robbers have become much more sneaky in their attacks, altering tell-tale aspects of data-access to their own advantage. The report was the result of an online survey of 130 financial industry CISOs worldwide — more than 2 out of 5 in North America (41%) — conducted in February 2022 aimed at “provid[ing] insight into the changing behavior of cybercriminal cartels and the defensive shift of the financial sector.”

Two-thirds of respondents had seen time stamps manipulated — a so-called Chronos attack, named for the Greek god of time — with 44% of such attacks targeting financial firms’ market positions, according to the report findings.

“From a kill-chain perspective, the surge in attacks against APIs, the manipulation of time stamps, and the surge in destructive attacks as a function of counter-incident response were all surprising and are certainly concerning,” said Tom Kellermann, head of cybersecurity strategy at VMware and author of the Modern Bank Heists report.

Similarly, 3 out of 5 financial service firm CISOs (60%) said their institutions experience a noticeable increase in “island hopping,” where the attackers launch a campaign aimed at a bank or credit union’s more vulnerable third-party providers in order to access the FSI’s network. Financial CISOs said this represented a 58% increase in island hopping in the past year, ushering in “a new era of conspiracy, where hijacking the digital transformation of a financial institution via island hopping to attack its constituents has become the ultimate attack outcome,” according to the VMware release.

“The Secret Service, in its investigative capacity to protect the nation's financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud,” Jeremy Sheridan, former assistant director for the U.S. Secret Service, said in a prepared release.

Sheridan added that there are “a variety of reasons for the opportunities, motives, methods, and means related to criminal activity. At the forefront is the swelling profitability of these crimes which, of course, motivates criminal actors.”

And, with financial gain remaining a top motivation, roughly three-quarters of financial CISOs (74%) admitted that they had had at least one ransomware attack in the past 12 months, with 63% of those having paid the demanded ransom. Going forward, the lion’s share of respondents claimed that the situation with Russia presented a huge potential for politically and financially motivated attacks.

“The hijacking of banks’ infrastructure to launch attacks and the targeting of non-public market information are two notable trends that demonstrate the evolution of attacks on the financial sector in recent years,” said Kellermann.

Meanwhile, concerns over cryptocurrency security are also running high — 83% of financial CISOs surveyed claimed they are worried about how these crypto-exchanges might be targeted for attack in order to cash in.

Sheridan said in a release that the “proliferation of digital money payment systems has created a global, instantaneous and pseudo-anonymous means to facilitate their actions. All of these factors have facilitated the maturation of a cybercriminal ecosystem that has not been sufficiently suppressed.”

In response, the vast majority of financial institutions expect they will increase their budget by as much as 30% this year, with significant investment in extended detection and response (XDR), workload security and mobile security, the report found.

“Security has become top-of-mind for business leaders amid rising geopolitical tension, an increase in destructive attacks utilizing wipers and Remote Access Tools (RATs), and a record-breaking year of zero day exploits,” Kellermann said in an email response. “Financial institutions now understand that today’s attackers are moving from heist to hijack, from dwell to destruction, and leaving their mark on an extremely vulnerable sector. Collaboration between the cybersecurity community, government entities and the financial sector is paramount to combat these emerging, increasing threats.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.