Cybercriminals select their targets based on maximum revenue and maximum impact. The financial industry meets both requirements, storing and exchanging highly critical data that cybercriminals can monetize in various ways.
Keeping up with the latest attack methods is vital to fighting cybercrime in finance. To do so, you must understand the most prevalent attacks on banking and finance companies.
Social Engineering Attacks
The finance industry is a leading target for cyberattack because it keeps incredibly sensitive information in electronic form, including credit card data, bank accounts, estates and wills, and title and mortgage documents. Its heightened use of technology to increase customer contact points, facilitate remote work practices and serve various other objectives makes it an attractive target for cybercriminals.
The majority of cyberattacks that threaten financial institutions combine social engineering tactics, hacking and malware. These techniques trick employees into disclosing information that supports reconnaissance, grants access to systems or enables criminal activity such as fraud.
One of the most common examples is a fraudulent email that impersonates a trusted source to compel victims to reveal sensitive information, click a malicious link or open a harmful document. These are known as phishing attacks and account for 93% of data breaches, according to Webroot’s 2018 annual report.
Other forms of social engineering include phone calls that trick victims into divulging information over a landline or mobile phone, and messages disguised as emergency requests for help. For example, a "friend" in country X claims to have been robbed and beaten and asks for money to get home.
Attackers may also use social engineering to gain physical access to a company by tailgating an authenticated employee or piggybacking onto them as they enter the building. They can then tamper with payment documentation or other critical systems.
Targeted Attacks
Financial services organizations have a lot of valuable data in the form of personal information, and it’s an attractive target for cybercriminals. This data is often sold on the dark web or used to make money through phishing or ransomware attacks.
Attackers also use automated tools that scan for potential vulnerabilities and exploit them as quickly as possible. These automated attacks are increasing, but attackers also use targeted attacks to gain unauthorized access to a computer or network. For example, they may infect removable media (flash drives or USB sticks) with malware that lets them control a computer or other connected devices. This enables them to steal passwords, credit card numbers and other sensitive data, or to launch attacks such as DDoS and credential stuffing.
When defending against these threats, understanding why they’re targeting financial services is key. This enables businesses to raise effective defenses.
For instance, some attackers are motivated by stealing credentials for the SWIFT system so that they can transfer funds. Others want to monetize their attack by manipulating account balances and ATM withdrawal limits, then dispatching money mules to withdraw the stolen cash.
Ransomware Attacks
Attackers use ransomware to extort payment in exchange for restoring access to systems such as banking IT infrastructure, customer accounts or payment portals. They may target many systems at once so that the malware spreads and security teams cannot concentrate on containing a single incident. They are also increasingly demanding payment in cryptocurrencies, such as Bitcoin, that are nearly impossible to trace and help cybercriminals stay anonymous.
Many cyberattacks begin with software vulnerabilities that threat actors exploit using an exploit kit, a collection of tools designed to scan connected devices for exploitable weaknesses. This enables them to download a malware payload that provides remote access to an environment and deploys other malicious programs.
The high value of the data held by financial services firms makes them a target for ransomware gangs. Threat actors reinvest a significant portion of their profits into developing more sophisticated malware and computer infrastructure that is increasingly capable of bypassing existing security controls.
The FBI advises never to pay ransoms, and financial services firms that do comply with threat actor demands face enormous reputational damage. In addition, they must reinvest in costly remediation efforts and implement mitigation strategies to defend against future attacks. This combination makes them a desirable target for attackers. The risks are heightened as the industry undergoes a radical digital transformation and work-from-home arrangements become the norm.
Business Email Compromise
The financial industry is especially vulnerable to cyberattacks. Attackers exploit weaknesses in systems and processes and then leverage tools such as phishing, malware or email compromise to get a foothold inside the organization. Once they do, they can steal funds or information.
Business email compromise, or BEC, is an attack that aims to impersonate senior executives or other high-profile individuals to steal money or sensitive information. The attackers typically target employees with access to the company’s finances and attempt to trick them into transferring money into a fraudulent account. In 2019, BEC was responsible for more than $1.77 billion in losses and was one of the top cyber insurance claims.
In a typical attack, an attacker will send a spoofed email from the CEO, attorney, or other executive that appears to request payments or funds. The email often includes a phony document or message requesting funds be wired to a specific bank account, which the attacker controls. These attacks can be particularly effective because many employees assume that a high-level executive is directing them and won’t question the request.
Attackers also use spoofed emails to impersonate the accounts payable department and obtain invoices. They can then copy the details of a legitimate invoice and send it to a customer with an altered SWIFT number that leads the customer to believe they’re paying their company when the money is being transferred directly into the fraudster’s account.
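The spoofed executive emails described above leave traces in message headers that a mail gateway or SOC triage script can check. The following added example (not from the original article) flags three such indicators: an executive's display name on an external sender address, a Reply-To domain that differs from the From domain, and a sender domain that is a one- or two-character lookalike of the organization's own domain. The domains, executive directory and sample message are constructed for illustration.

```python
"""Header-based triage for possible business email compromise (BEC)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed reference data; a real deployment would load these from the directory.
INTERNAL_DOMAINS = {"examplebank.test"}
EXECUTIVES = {"jane doe": "jane.doe@examplebank.test"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (e.g. 'l' swapped for '1')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def triage(raw_message: str) -> list[str]:
    """Return the list of BEC indicators found in the message headers."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    findings = []
    if from_dom and from_dom not in INTERNAL_DOMAINS:
        # Known executive's name on an address that is not their real mailbox.
        expected = EXECUTIVES.get(name.strip().lower())
        if expected and expected != from_addr.lower():
            findings.append("executive display name from external address")
        if any(0 < edit_distance(from_dom, d) <= 2 for d in INTERNAL_DOMAINS):
            findings.append("sender domain resembles internal domain")
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append("Reply-To domain differs from From domain")
    return findings


# Constructed sample: CEO display name, lookalike domain, external Reply-To.
SAMPLE = (
    'From: "Jane Doe" <jane.doe@examp1ebank.test>\n'
    "Reply-To: jane.doe.office@freemail.test\n"
    "Subject: Urgent wire transfer before close of business\n\n"
    "Please process the attached invoice today.\n"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("ALERT:", finding)
```

Such header checks complement, rather than replace, out-of-band verification of any request that changes payment details, which is the control that stops the altered-invoice variant.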