A survey of 126 top CISOs shows how attackers targeting the financial services industry (FSI) have evolved alongside the trends set in motion by the pandemic.
The financial services industry (FSI) has been in the gunsights of cybercriminals for a long time, with the global pandemic causing further acceleration of two opposing forces: digital transformation and cyberattacks.
A recent survey of 126 of the sector’s top CISOs and security leaders concludes that cybercriminals remain focused on one important goal, to ‘chase the money’, but are becoming more hostile. FSIs in the Asia Pacific region are being targeted by cybercrime cartels and state-sponsored hackers, raising the stakes from merely pulling off heists to holding assets hostage.
The goal of attackers is now to hijack a financial institution’s digital infrastructure and to turn that infrastructure against the bank’s constituents. As the world shifted to an anywhere workforce amid the pandemic, attacker strategy evolved, becoming far more destructive and sophisticated than before.
These are just some of the findings from the report by the VMware Security Business Unit. Other key observations are:
- The financial sector in the survey has seen a 118% increase in destructive attacks as geopolitical tensions play out in cyberspace. Hackers are also starting to ‘burn the evidence’ after a successful attack. Russia, China and the U.S. underground posed the greatest concern to financial institutions. Notably, cybercriminals targeting the financial sector typically use destructive attacks only as an escalation, burning the evidence as a form of counter-incident response.
- 38%* of FSI respondents encountered island hopping attacks, which have emerged as the primary mode of attack in 2021, a 13% increase from 2020. These occur when an organization’s information supply chain is commandeered so that the institution is attacked from within its ‘trusted’ supply chain. Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack a financial institution’s digital transformation to attack its customers. By commandeering the bank’s assets, they use brand trust (oftentimes trust built up over hundreds of years) against the bank’s constituents. (*Note: This excludes the SolarWinds attack.)
- 51% of FSI respondents experienced attacks targeting market strategies, which is essentially economic espionage: such attacks digitalize insider trading and give attackers the ability to front-run the market.
- 41% of FSI respondents experienced an increase in brokerage account takeovers, meaning attackers can gather intel and place financial bets that give them the capability to massively influence markets. This is occurring in a sector that, by the nature of its business, is incredibly dependent on time. Because there is no way to protect the integrity of time once it has been recorded as a timestamp, this Chronos attack is quite pernicious.
- 57% of FSI respondents saw an increase in wire transfer fraud. Whether through man-in-the-middle attacks, malicious insiders or phishing, attackers commit wire transfer fraud because it is hard for cyber defenders to follow the money trail once the transfer is complete.
- Attack groups have become national assets for the nation-states that offer them protection and power. In tandem with this, traditional crime groups have undergone their own digital transformation over the past year, after the pandemic prevented them from conducting business as usual.
- The digitalization of attack groups has popularized turnkey services offered on the Dark Web, increased collaboration between cybercrime groups, and ensured that cyber cartels are now more powerful than their traditional organized crime counterparts.
Know your enemies
According to the firm’s Head of Cybersecurity Strategy, Tom Kellermann, FSIs are facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organized nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defense.
The report concludes that 2021 should be the year that CISOs report directly to the CEO and are given greater authority and resources. It is no longer a matter of if, but when, ‘the next SolarWinds’ will occur. As a result, cybersecurity must be viewed as a function of the business rather than an expense. Trust and confidence in the safety and soundness of the financial sector will depend on it.