The modern bank heist is an endgame for financial institutions
Financial institutions continue to be heavily targeted by cyberattacks. Despite increasing their cybersecurity protections, the changing and evolving tactics of cybercriminals are making it harder for financial institutions to remain secure.
According to VMware’s fifth annual Modern Bank Heists Report, 63% of financial institutions admitted experiencing an increase in destructive attacks, with cybercriminals leveraging this method as a means to burn evidence as part of counter incident response. Additionally, 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom.
The report highlights the issues the financial industry’s CIOs and security leaders face, especially on the changing behavior of cybercriminal cartels, including the defensive shift of the financial sector. As financial institutions face increased destructive attacks and fall victim to ransomware more than in previous years, sophisticated cybercrime cartels are also evolving beyond wire transfer fraud to now target market strategies, take over brokerage accounts, and island-hop into banks.
Another interesting finding from the report is that once cybercriminals gain access to a financial organization, they’re no longer after wire transfers or access to capital as traditionally assumed. Instead, cybercriminal cartels are now seeking nonpublic market information, such as earnings estimates, public offerings, and significant transactions.
“What exactly are these cybercrime cartels looking for? We’re witnessing an evolution from a bank heist to economic espionage, where cybercriminals target corporate information or strategies that can affect the share price of a company as soon as it becomes public,” wrote Tom Kellermann, head of the cybersecurity strategy at VMware in a blog post.
In fact, 2 out of 3 (66%) financial institutions experienced attacks that targeted market strategies. This modern market manipulation aligns with economic espionage and can be used to digitize insider trading. When asked about the nation-state actors behind these attacks, the majority of financial instructions stated that Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace.
For Kellermann, security has become top-of-mind for business leaders amid rising geopolitical tension, an increase in destructive attacks utilizing wipers and Remote Access Tools (RATs), and a record-breaking year of Zero-Day exploits.
“Financial institutions now understand that today’s attackers are moving from heist to hijack, from dwell to destruction, and leaving their mark on an extremely vulnerable sector. Collaboration between the cybersecurity community, government entities, and the financial sector are paramount to combat these emerging, increasing threats,” commented Kellerman.
VMware’s 2022 Modern Bank Heists Report also showed that 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year. The increase represents a new era of a conspiracy whereby hijacking the digital transformation of a financial institution via island hopping to attack its constituents has become the ultimate attack outcome.
At the same time, 67% of financial institutions observed the manipulation of timestamps, an attack called Chronos named after the god of time in Greek mythology. Notably, 44% of Chronos attacks targeted market positions.
Crypto is still a concern for financial institutions
83% are also concerned with the security of cryptocurrency exchanges. The advantage for cybercriminals of targeting cryptocurrency exchanges is that successful attacks can be immediately and directly turned into cybercash.
As such, Rick McElroy, principal cybersecurity strategist at VMware pointed out that consumers often treat cryptocurrencies as not real currencies, when they actually are. He explained that people trust exchanges that are new to the game even though they aren’t providing adequate protection to their currency or even their own admin accounts.
“In a crypto-based world, consumers should assume a certain level of responsibility in the protection of their cryptocurrency. There are no assurances that cybercriminals won’t target the exchanges, the warm wallets, or cold storage. Assume wherever the money is, there will also be criminals trying to steal it,” said McElroy.
With cryptocurrencies still not having proper regulations, the report also stated that it has been easy for cybercriminals to cash in with nefarious exchanges and virtual currency fueling the surge in modern-day attacks, especially amid current geopolitical tensions. Eventually, the goal should be for any illicit funds seized under coordinated government action to be redeployed to help fund the protection of critical infrastructure from cyberattacks.
With that said, the findings also showed that the majority of financial institutions plan to increase their budget by 20 to 30% this year. Top investment priorities include extended detection and response, workload security, and mobile security
51% of financial institutions are also conducting weekly threat hunts. The key difference between threat hunting and incident response is that threat hunting is proactive, whereas the incident response is reactive. Threat hunting focuses on the pursuit of attacks and the evidence attackers leave behind.
“As security leaders, we know that a strong defense is the best offense. Modern threat hunting every week should be adopted as a best practice to help security teams detect behavioral anomalies, as adversaries can maintain clandestine persistence in an organization’s system,” stated Kellerman.