Open ports and ‘risky services’ create exposure for financial firms

Metro areas such as New York City are the most active for attacks from bad actors, according to a new report by LookingGlass. Pictured: The Manhattan skyline looms over the East River on March 28, 2022, in New York City. (Photo by Spencer Platt/Getty Images)

Besides basic vulnerabilities, financial institutions face potential access from bad actors due to employees leaving ports open or making use of "risky services," according to a recent report from LookingGlass.

While the report noted that “there has never been a more serious time for U.S. critical infrastructure sectors to shore up their cybersecurity defenses than right now,” the study pointed out a number of exposures and vulnerabilities for financial institutions that could be exploited, especially with Russian fraudsters being particularly aggressive.

“While ensuring internal cybersecurity solutions are blocking and detecting nefarious activities is critical, security leaders need to understand their external attack surface,” according to the LookingGlass report. “This outside-in view highlights the vulnerabilities and exposures that threat actors can enumerate on your network.” The report features a “heat map,” illustrating the areas of the country that are most under fire from cybercrime groups. Not surprisingly, major metropolitan areas are the most active areas for attacks, including New York, Chicago, San Francisco and Los Angeles.

However, beyond basic common vulnerabilities, the report points out that financial institutions are still at risk from attacks through “open ports, or risky services,” through which “a threat actor could gain a foothold in [a financial institution’s] network, obtain important data, or settle in for more persistence.” In the wake of recent developments in Russia, the report cited variants of Minerpane, Sality (or Salty Spider) and Andromeda (also known as Gamarue) as cyber-infections that are proliferating.

“As geopolitical conflicts persist and grow, it’s more important than ever for U.S. critical infrastructure enterprises to identify their vulnerabilities and exposures, and work to update, patch, or remediate these items,” the LookingGlass report concludes.

“While some believe that countries have piles of zero-day exploits waiting to be released, these will likely be used in specific situations with stealth and care,” according to the report. “What we have seen time and again for U.S. critical infrastructure, like the financial services sector, is that there are more than enough vulnerabilities and exposures that can be exploited without the need for a zero-day.”
