Threat Management, Malware

Financial services industry most targeted with malware for second year straight

For the second year in a row, the financial services industry tops the charts as the most targeted industry with the highest volume of security incidents and the third highest volume of cyber-attacks.

The top five most frequently targeted industries of 2017 were financial services, information and communications technology, manufacturing, retail, and professional services, according to the 2018 IBM X-Force Report.

Financial services firms were targeted in 27 percent of recorded attacks but experienced 17 percent of the security incidents compared to the information and communications technology which experienced 33 percent attacks but accounted for 18 percent of the security incidents.

“Since security incidents have the highest severity of the monitored event data, they are weighted accordingly when ranking,” researchers said in the report. “For this reason, although the information and communications technology industry experienced the highest number of attacks, it ranks second to financial services, which experienced nine percent more security incidents.”

The manufacturing industry was also targeted in 18 percent of the attacks but experienced only 13 percent of the security incidents.

The report found that overall the top targeted industries experienced a decline in attacks and security incidents, 18 percent and 22 percent respectively, in 2017 over the previous year mostly due to a significant decrease in Shellshock attack.

The most prevalent financial malware families were Gozi (Ursnif) variants, Zeus, Dridex Ramnit, Zeus Sphinx, TrickBot, QakBot, Zeus Panda, GootKit, and Qadars. A few areas also saw new malware threats that had previously been unseen in their neck of the woods such as IcedID in the US and UK, Ursnif (aka Gozi) in Austria, and Client Maximus in Brazil.

“The most active financial malware, Gozi (Ursnif), toppled Zeus from its number one position,” the report said. “Gozi activity made up nearly one-fourth of the activity tracked, proving that organized crime is overtaking all other classes of actors in the financial malware-facilitated fraud scene.”

The number-one attack vector targeting all top industries in 2017 was injection attacks which nearly doubled in 2017 over the previous year accounting for 79 percent of the malicious activity on enterprise networks. Researchers said most of these attacks involved botnet-based command  injection (CMDi) local file inclusion (LFI) attacks and CMDi attacks containing embedded cryptomining tools, the report said.

The report also noted an upgrade in financial malware featuring sophisticated source codes, high-value targets and grand-larceny capabilities suggesting that the malware is the organized operations as opposed to small operations or lone actors.

Threat Groups operating the Dridex or TrickBot Trojans may have dozens of people working in various need-to-know levels while competitors such as those operating Gozi can have links to more threat actors in different geographical hubs operating the malware as a service.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.