Sophisticated cyberattackers are using hidden tunnels to spy on financial firms and pilfer sensitive data and personally identifiable information (PII) – and they're doing it at a higher rate than in other industries.
Researchers at Vectra discovered 23 hidden exfiltration tunnels disguised as encrypted web traffic for every 10,000 devices in the financial services sector, compared to 11 tunnels per 10,000 in other industries overall, according to the company's 2018 Spotlight Report on financial services. The report is based on analysis of anonymized metadata from Vectra customers who agreed to share detection metrics.
Between August 2017 and January 2018, Vectra detected an uptick in the number of hidden exfiltration tunnels posing as unencrypted web traffic in financial services, from seven per 10,000 devices to 16.
“Attackers mimic and blend in with” behaviors related to users, applications and business models identified and profiled by different industries, said Chris Morales, Vectra's head of security analytics.
“It's not the behavior that surprises me,” since financial services will always be a high-value target to attackers, “but it's the frequency of that behavior,” said Morales.
Even heavy investments in security and “really restricted networks” don't make the financial industry immune to hidden tunnel attacks, which firms simply may not be aware of.
“They have a hard time answering if they even know tunnels exist,” said Morales, who commended financial companies for the work they've done so far and suggested they take a lifecycle approach to tracking behavior and attacks.