Three cyber threats targeting financial services companies
Cybercriminals continue to target the financial services industry to steal payment card data, take over online banking accounts, and compromise ATM machines using ransomware, crypto mining, and other malware.
But defending against these attacks is made more difficult by challenges such as blending new technology with legacy systems while meeting evolving compliance standards.
A recent Fortinet Threat Landscape Report highlights threats targeted at a number of industries, including financial services.
Let's take a look at the three threats that stood out most in the report:
1. Silence Group is a criminal enterprise. They primarily target financial institutions in Russia and eastern Europe, but the infrastructure they rely on to support their criminal activities has expanded to include Australia, Canada, France, Ireland, Spain, Sweden, and the United States.
At the same time, Silence Group has grown more sophisticated. They leveraged pre-installed and publicly available tools such as PowerShell, allowing them to accelerate lateral movement across a network while enhancing evasiveness because they use processes the network has already identified as legitimate.
In another attack, the Silence Group used a spear phishing strategy to compromise banks to gather financial data and enable the remote withdrawal of money from ATMs, an attack known as “Jackpotting.”
2. Another criminal team, known as Emotet, launched several new campaigns during Q1 of 2019 using information-stealing, ransomware, and banking Trojan modules. It was one of the three most-seen botnets in Latin America and the Caribbean in Q4 of 2018.
Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting private and public financial institutions around the world.
3. Another serious development is a shift away from random attacks toward things like tailored ransomware. One recent example is LockerGoga, a ransomware variant that surfaced early this year.
Despite causing severe disruption to financial targets in Europe and the United States through attacks informed by research and due diligence, researchers have pointed out the end goal of these attacks was not extortion. There is still not a clear understanding of motivation.
What is clear is that these highly targeted attacks, especially when combined with advanced tactics, help cybercriminals evade detection, bypass security sensors, and achieve their goals with little to no recourse from their targets.
Cybercriminals continue to modify their attack strategies to increase accuracy and achieve their primary goals. For the financial services industry, this can result in the targeting of online banking accounts, payment cards, and even ATM machines.
To defend against these sophisticated threats, financial institutions must rely on threat intelligence and advanced behavioural and system analytics to identify threats and circumvent the impact of these new targeted cyberattacks.
This article was written by Anthony Giandomenico, Senior Security Strategist at Fortinet