IBM: Phishing scams a major cause of bank breaches

Malicious attachments and links, ShellShock and Denial of Service (DOS) attacks were the top three cyber threats facing the financial sector, which suffered having 20 million records breached last year, according to a new study released by IBM.

The study, which was conducted by the Ponemon Institute for IBM, said the average cost per lost record was $170 with the average data breach costing a bank or financial institution $3.79 million. And one of the prime causes is human error.

The report found 18 percent of the attacks resulted from employees specifically clicking on a dangerous link or falling prey to one of the advanced social engineering tricks being used and opening a malicious email attachment. When other forms of human error are included the total number of attacks to people hits 25 percent.

Another 18 percent of the incidents centered on attackers using ShellShock, which exploits vulnerabilities found in the GNU Bash shell used in Linux, Solaris and the Mac OS.

DOS attacks were the third most prevalent types. While logic would dictate that anyone attacking a bank would be looking to make a financial score, Scott Craig, a threat researcher at IBM, wrote these attackers could be trying to score political points by shutting down a bank's operation. However, he did admit there could be a financial component to a DOS attack with the criminal looking for a payout to stop the assualt.

Even though human error is a huge problem. in general. the top root cause of data breaches within the financial sector was found by IBM to be malicious or criminal attacks. These comprised 47 percent of all attacks, with system glitches causing 29 percent of the breaches and human error 25 percent.

The biggest change IBM saw in financial sector internet crime is a 55 percent increase in attacks focused on extortion or the direct theft of money from the institution.


The study found a large shift in the type of trojans being employed with Dyre having been the most common in 2015, despite its use drying up starting last November. Dyre's usage was up 19 percent year over year and was used in 24 percent of all attacks. It is thought that Russian authorities took down the gang behind Dyre.

“We saw Dyre fall silent around November 18, 2015. This was not the first time the servers went quiet; we thought it was possible the gang was simply taking a ‘time out' it's not so uncommon to see that,” Limor Kessem, a researcher with IBM Security, told in an email Thursday. “But we have not seen Dyre come back, and have seen very few new infections, which could be chalked up to people opening spam emails late after they were sent.”

The next most popular trojans used were Neverquest and Bugat. In fourth place was Zeus, which had been the most widely used trojan in 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.