Financial services are a high target for cyberattackers. The reason is easy to understand: attackers follow the money.
Most work in this sector, which includes insurance, investment, and consulting, consists of working with funds, sensitive data, and personal information. According to IBM, cyberattacks in the financial sector can cost an average of $3.86 million and took an average of 207 days to identify. Attackers getting hold of a financial system can easily steal clients’ information, hold critical data on ransom or directly extract funds and redirect payments.
Read on to discover the top cyber threats for financial and insurance services seen in 2021.
What is banking malware and how does it work?
Banking malware is a malicious computer program to gain access to confidential information on online banking systems. The most popular are banking trojans, which present as innocent applications, but they try to steal information.
Most banking malware is built with a backdoor, which gives malicious actors a way to access a computer. This malware hides its malicious intent via several methods. They may have dormant capabilities that start with a remote order, hide components in other files, or use obfuscation tactics. In other cases, they’ll spoof a financial institution’s login webpage.
Phishing Attacks and the Financial Services Industry
Many attacks start with phishing, which is used to infiltrate the system and steal information or drop malware like a trojan. In general, one of the most common techniques uses phishing emails with attached malicious files that deliver the first stage of the attack. Taking advantage of fears and uncertainty in 2020, many attackers used COVID-19 as a “lure” to get susceptible employees (and customers) to open a phishing email and click the malicious link. Other examples of recent phishing attacks have used B2B or political phishing emails to trick users into clicking the links.
Spear phishing targets financial officers or executives with high-clearance permissions, with a malicious email luring the recipient into clicking a link that leads to a fake website. The victim is tricked into entering their name and password, and the attacker gains hold of their credentials.
Once the attacker has access to the account, they can do whatever they want, like collecting sensitive information about clients, redirecting payments, and extracting data.
What are the most common threats to finance and insurance?
The increase of ransomware threats makes this threat the top of the list for all industries, financial services included. Ransomware attacks use malware to encrypt critical files and restrict access to systems and data until the victim’s organization pays a ransom.
These attacks usually begin with social engineering techniques, such as phishing. In other cases, they exploit existing vulnerabilities. A common variation of this attack method is hijacking the files and threatening to publish them.
Recent examples of ransomware attacks:
- AXA, one of the largest insurance companies in Europe, was hit by ransomware in 2021 attributed to the Russian-based group Avaddon. The attackers not only encrypt the data but also exfiltrate it.
- CNA, one of America’s largest insurance companies, was attacked in March 2021 by a ransomware group called Phoenix. The group stole a significant amount of data and demanded a $40 million ransom which CNA agreed to pay.
Attackers not only target large enterprises. In May 2021, a small accounting firm in Toronto, Canada, was the victim of a ransomware attack. Their servers were encrypted, and the attackers threatened to publish 5GB of personal and financial data if the firm didn’t pay the ransom. Small firms often relax their security protocols because they don’t think they would be targeted.
“We thought we were a small company and would not get hit,” said the company’s director.
Trojans have been around as a form of malware for decades. These days, banking trojans are evolving. They target Windows endpoints, commonly using TrickBot and Emotet variants as a means to spread and download other malware instead of just being a trojan. New malware variants continue to appear and exploit organizations, and the number of victims attacked by Emotet and delivered by using Trickbot reached 140,000. Emotet was the most successful malware of the 2020 and was impacting 7% of organizations. Despite law enforcement efforts to take down the bot, it was back in 2021, and the efforts to take it down continues.
Attackers often use malicious emails containing weaponized attachments to deliver Emotet. After Emotet exploits the system, it deploys other types of malware. Usually, it’s ransomware such as Conti, Ryuk, Cl0p.
- Threats that Target Mobile Devices
The wide adoption of mobile banking applications also causes a rise in trojan banking malware that targets vulnerable Android devices.
Anubis is an Android banking trojan malware targeting customers of many financial institutes, virtual payment services, and cryptocurrency wallets. The malware masquerades as a legitimate account management application on Google Play Store, but the malware exfiltrates the victim’s data for financial profit.
- RAT (Remote Access Tools)
Intezer’s research team discovered a sophisticated threat we called VermilionStrike. The threat is the re-implementation of Cobalt Strike Beacon (a popular red team tool for Windows) written from scratch, and it targets both Linux and Windows systems. The Linux version has been active in the wild since August 2021. It targets specific industries, including companies in the financial sector.
Protecting Financial Services from Cyberattacks
Because of the potential gains for attackers, financial firms will continue to be one of the top targets for cyber threats, along with other big industries like manufacturing and telecommunications. We’ve seen the cost of data breaches increase 10% just from 2020 to 2021, according to an IBM report. A data breach costs more than monetary loss. It involves the price for the investigation, regulatory fees and penalties, the cost of downtime, reputation damage, and more.
To protect themselves and the financial structure, banks and financial institutions are having to increase their investment in cybersecurity. Many companies rely on traditional cyber security measures to prevent attacks, but it is not enough to evolve faster than the threats they face. New malware versions appear constantly.
Therefore, it is crucial to understand the top type of threats that can target your industry and implement solutions that can give you the visibility, detection, and protection to stop them. It’s up to the security teams that work in the finance and insurance sector to find way to introduce automation and solutions that will keep them.