Twenty-five CISOs of the world’s largest financial institutions have reported increasing sophistication and TTPs in their attacks on the sector.
Amid the COVID-19 surge, the financial sector has seen a staggering 238% increase in cyberattacks, and ransomware attacks have increased nine-fold since the beginning of February to the end of April, according to VMware Carbon Black’s data.
In its third annual finance-focused report which surveyed 25 CISOs of the world’s largest financial institutions, it was cited that 80% of surveyed financial institutions reported an increase in cyberattacks over the past 12 months, a 13% increase over 2019.
Also, 82% of respondents said cybercriminals had become more sophisticated, leveraging highly-targeted social engineering attacks and advanced tactics, techniques and procedures (TTP) for hiding malicious activity. These criminals exploit weaknesses in people, processes and technology to gain a foothold and persist in the network, enabling the ability to transfer funds and exfiltrate sensitive data.
Other notable findings of the ‘Modern Bank Heist’ report include:
- 27% of all cyberattacks in 2020 so far, have targeted either the healthcare sector or the financial sector.
- 64% of the 25 respondents reported increased attempts of wire fraud transfer, a 17% increase over 2019. These attacks were often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly.
- 33% of respondents said they have encountered island hopping, an attack where supply chains and partners are commandeered to target the primary financial institution.
- 20% of surveyed financial institutions experienced a watering-hole attack during the past year. In these attacks, financial institution and bank regulation websites are hijacked and used to pollute visitors’ browsers. According to the report, this tactic is increasing as cybercriminals recognize the implicit trust consumers have in bank brands.
The report concluded that the financial sector is the most secure industry in the world, but it is also being targeted by cybercriminals and nation-states. As such, cybersecurity in this sector is now also a brand protection imperative.