How Continuous Threat Exposure Management can Secure the Finance Sector
Organizations are becoming increasingly vulnerable to cyberattacks that risk the security and privacy of stakeholders and clients.
The financial services industry is a common target for cybercriminals, second to healthcare in the list of most cybersecurity attacks. This is because, as the proverb goes, “that’s where the money is”. Moreover, financial institutions like banks, credit card companies, and investment firms are entrusted with every customer and client’s personally identifiable information (PII).
This information includes sensitive data like, but not limited to – home address, banking credentials, social security numbers, contact numbers, email, and income information. Data like this sells at exceedingly high rates on the darknet.
Complex infrastructure built around vast amounts of data on the world’s population makes the finance sector a lucrative target for cybercriminals looking to leverage the vast attack surface of financial institutions to deliver ransomware, leak sensitive data or make unsolicited transactions.
This article analyzes the challenges faced by the finance sector, looks into a few cases of recent cyber attacks, and provides solutions to tackle the impending dangers.
Why do Cybercriminals Target Financial Institutions?
In 2021, it was recorded that the total assets of global financial institutions were valued at about 468.7 trillion US dollars. Over the years, cashless payments have consistently increased in this industry.
This is due to rising internet and mobile usage in developing nations and a global shift toward immediate payment mechanisms, which provide instant, real-time payments.
Technological advancements and implementation of internet banking, mobile applications, and online payments invariably increase a financial institution’s attack vector and introduce new vulnerabilities, which, if left unpatched, can lead to adverse consequences.
The surge of cyberattacks against financial services companies reflects the heightened use of technology in problem-solving and business operations.
Cybercriminals are attracted by the potential of extracting financial assets and massive amounts of sensitive data housed by financial institutions. This low-effort, high-reward nature, paired with the vast attack surface, motivates cybercriminals to target the finance industry actively.
Major Cyber attacks faced by the Finance Sector
The finance industry is always in the crosshairs of adversaries. Every 39 seconds, there is a new attack somewhere on the web. Financial institutions are no exception to this.
While minor attacks and attempts at offense are tackled with ease or cause little to no harm, sometimes, cybercriminals circumvent all defensive measures to hack their targets. The result of this is massive data breaches and financial theft. Below is a list of the major attacks on the financial sector in 2022.
CNA Ransomware Attack
CNA Financial, a US Insurance firm, suffered a ransomware attack on March 21, 2021, which prevented the company from providing employee and client services for three days. The insurance firm notified law enforcement to start additional investigations and hired external forensic specialists. Later, CNA disclosed that the attack exposed the personal information of over 75,000 people. Later, reports stated that the company paid a $40 million ransom.
New Zealand Stock Exchange DDoS Attack
On a Tuesday in August of 2020, the New Zealand Stock Exchange’s website slowed to a halt as a result of a devastating DDoS attack. The exchange couldn’t post market announcements as required by financial regulators since it was so severely throttled. Thus, with only an hour left for trading, management decided to stop everything. Attackers started focusing on the exchange’s individually listed companies until the exchange finally switched to cloud-based servers, putting its servers out of the attackers’ crosshair. A government inquiry concluded that trading at NZX was ultimately suspended for four days, with “only intermittent intervals of availability.”
Flagstar Bank Data Breach
One of the biggest mortgage servicers in the United States, Flagstar Bank, which has 150 branches, experienced a data breach after hackers obtained access to its clients’ personal data. Later, the hackers tried to extort money from the bank by publishing private information online.
Moscow Stock Exchange and Sberbank DDoS Attack
The largest lender in Russia, Sberbank, and the Moscow Stock Exchange experienced DDoS attacks on February 28, bringing their websites offline. The Ukrainian IT Army, a collective of hackers assembled by the Ukrainian government, claimed responsibility for the incidents.
Crypto.com 2-Factor Authentication Bypass Hack
On January 17, 2022, a prominent cryptocurrency exchange called Crypto.com was attacked by black hat hackers, which resulted in $35 million worth of illicit transactions of bitcoin and Ether. At least 483 user accounts were compromised. As a result, the exchange implemented stringent 2FA regulations and a fund restoration scheme for the victims.
Major Threats for Financial Institutions
Financial institutions are primarily targeted for the data they house and the potential for monetary theft. With each passing day, attackers are growing increasingly aggressive, scavenging for any loose ends in their target’s attack surface to cause a breach or steal data. Below you’ll find a list of all the current major threats faced by the financial sector.
Supply Chain Attacks
Financial Institutions often rely on external contractors for manufacturing infrastructure services and products. It is a conglomeration of numerous business partners cooperating to offer a coherent set of services.
Due to the introduction of multiple third-party vendors, the financial sector faces a significant problem in managing vendor risk. Every major, well-known financial service provider employs many smaller businesses that offer a wide range of commercial services. Identifying, auditing, and managing each of these businesses adds more cyber risk.
This introduces the risk of falling victim to a supply chain attack. An attacker just needs to infect a single weak link in the chain to poison the entire supply chain. The devastative nature of supply chain attacks can be better understood from the case of the SolarWinds hack of 2021.
Furthermore, because third-party vendors keep sensitive data for all of their clients, a single compromise might impact hundreds of businesses because suppliers typically don’t take cybersecurity as seriously as their clients, making it much easier to compromise them.
Ransomware Attacks
Ransomware seriously threatens the confidentiality, integrity, and availability of data.
The files and other information are often encrypted, access is blocked, and a ransom is demanded when a machine or equipment falls prey to ransomware.
In essence, the cybercriminal takes critical data as a hostage and demands a ransom to restore the data.
However, paying the ransom does not ensure that the data will be restored. Despite assurances by threat actors, even if the ransom is paid, the data may never be recovered.
To take a closer look at how devastating ransomware could be, we’ll have to go back to February 25, 2022, when the multinational professional services firm, Aon suffered a ransomware attack. Prior to this, the insurance giant CNA also suffered a ransomware attack in 2021 that led to them paying $40 million to avoid leakage of sensitive data and to obtain a decryptor to retrieve the data.
Phishing Campaigns
Targeted phishing campaigns take advantage of human error and often serve as an initial entry point for dropping malicious payloads like info stealers and ransomware.
Since a victim is individually targeted, they are more likely to fall for the phishing scheme and give away critical information by clicking on a malicious link or opening a harmful document.
A recent example of how compromising a single employee can lead to drastic breaches is the LastPass data breach, where bad actors compromised a single developer account and leveraged it to cause a massive data breach.
Phishing attacks are a major dilemma for companies to deal with. A staggering 74% of companies in the US reported falling victim to phishing attacks, and on a global scale, phishing cost an estimated 1.8 billion in business losses.
According to statistics, phishing attacks are the origin of over 90% of all successful cyberattacks, and this dreadful conversion rate is wreaking havoc on the financial sector.
Bank Drops
Cybercriminals make use of false bank accounts to launder money. These bank accounts are created with credentials of people obtained from a data breach. This sort of PII data is termed “fullz”, and it sells at high rates on the darknet. A person’s fullz data may consist of their name, photograph, contacts, email, social security number, home address, family bio, income information, and more.
These false bank accounts are called “bank drops” and are currently plaguing the financial sector as the hackers always seem to be a step ahead and circumvent all sorts of verification to check the validity and authenticity of a bank account.
Distributed Denial of Service (DDOS)
The three main principles of cyber security, called the CIA Triad, are confidentiality, availability, and integrity. Attacks that cause a Denial of Service (DoS) affect the availability of information resources.
In a Distributed Denial of Service (DDoS) attack, multiple systems (generally botnets) attempt to clog the flow of information by flooding the server with spam requests.
DDoS attacks are often used as a distraction to divert the security teams while the attackers execute other types of attacks, perhaps to access and steal confidential data. Cybercriminals can create fictitious burner accounts, acquire funds, and commit fraud by getting their hands on sensitive client data, such as financial credentials.
The worst DDoS attacks to ever hit Ukraine occurred on February 15, 2022, and they brought down the web page of the Ukrainian defense ministry as well as the banking and terminal services at several significant state-owned institutions.
Injection Attacks and Server Misconfigurations
Injection attacks happen when an adversary inputs harmful code or payload and gets the server to execute it. These attacks are successful due to improper input validation and the lack of input sanitization measures.
As per a report by Akamai Threat Research, 94% of cyber attacks on the financial sector happened via these attack vectors:
These are very basic security attacks that the institutions have failed to mitigate. This is truly astonishing, given the sensitivity of the data housed by financial institutions. This statistical data paints a clear picture of the dire need to upgrade the security stature of the finance sector.
A strong example of how devastating an injection attack could be is the CardSystems security breach, in which hackers obtained 263,000 consumer credit card details and leaked 40 million more by leveraging an SQL Injection vulnerability.
State-sponsored APT Groups
State-sponsored threat actors are the deadliest threats to telecom companies as they act aggressively and with strong motive, supported by resources of government or terrorist groups. Bad actors can remotely infiltrate the infrastructure and take control over physical components to influence critical elements and manipulate data. Moreover, they can acquire and dump sensitive information to be leveraged later for malicious activities. The DDoS attack on Moscow Stock Exchange and Sberbank is a good example of state-sponsored cyber aggression.
How Threat Exposure Management Can Secure Finance Sector
Threat Exposure Management (TEM) uses Risk Identification and Assessment to identify and patch vulnerabilities and secure potentially exploitable vectors. Enterprises can continually and consistently evaluate the visibility, accessibility, and vulnerability of an enterprise’s digital assets using five stages: scoping, discovery, prioritization, validation, and mobilization. TEM systems are scalable and can keep up with the pace of asset expansion by persistently monitoring the infrastructure for any unwanted change and mitigating newly-generated flaws that threaten the integrity of the infrastructure.
As the number of susceptible endpoints is reduced, your company’s attack surface is significantly minimized. Adopting a Continuous Threat Exposure Management (CTEM) program using a TEM solution like HivePro Uni5 is crucial to fortify financial institutions’ complex and high-value infrastructure and mount an active defensive measure against cyber criminals.
How HivePro Uni5 Can Secure the Finance Sector
HivePro Uni5 leverages Threat and Exposure Management to help organizations decrease their attack surface and shifts away from the notion of trying to “fix everything” in favor of fixing what matters with an emphasis on minimizing the attack surface and mitigating critical vulnerabilities.
HivePro Uni5 provides a genuine risk score for each vulnerability based on 20+ factors, including the threat actor landscape, industry vertical, geolocation, wormability, and exploitability, to mention a few. This helps businesses to decide what has to be patched immediately and what can wait until a later date.