Industry Trends

Cloud-Based Malware Weather Forecast for Financial Firms

By Aamir Lakhani | April 13, 2018

The past few years have seen cloud adoption soar as organizations begin to fully understand the benefits that the cloud can offer in terms of storage, flexibility, scalability and cost savings. Organizations have just become comfortable with Software as a Service (SaaS) solutions, and the industry is poised to see a greater adoption of Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions in the next year, as well.

As digital transformation accelerates, consumers are demanding faster access to their data from any device. The cloud has enabled organizations to overcome bandwidth and storage limitations to provide these services.

Additionally, the explosion of new applications and connected IoT devices has created a wealth of data that, when analyzed, provides businesses with critical insights into consumer behaviors and interests, allowing them to create more customized offerings. Combined with the accelerated adoption of solutions across IaaS, PaaS and SaaS, the cloud is here to stay. However, this also means that cybercriminals will continue to attack the cloud.

Cloud Adoption in Financial Services


The financial services sector has been eager to adopt new technology that will enhance its ability to provide customized services and engage with consumers in real time. However, in such a regulated field, this is easier said than done. As lines of business within financial institutions are quick to adopt new services to improve efficiency, they are counting on IT to follow in order to ensure security and compliance.

The reality is that most major financial institutions these days are technology companies with financial offerings. Who doesn’t love online banking with check deposits, mobile payments and a host of other services that allow individuals to skip traditional financial institutions? Many of these new services and products would not be possible without resilient and agile software and technology adoption by the financial industry.

A recent instance of this is cloud adoption. Financial services firms have recently upped their usage of the cloud, especially in regard to SaaS cloud-based applications. Now financial IT teams must figure out how to reconcile cloud offerings with the strict rules and regulations within this vertical, as well as the industry’s reliance on legacy infrastructure such as mainframes.

Despite the apparent benefits that cloud computing can offer the finance industry, security concerns remain a roadblock when dealing with such sensitive data and strict regulations.

Moving data to the cloud means that it is stored on off-site servers rather than on-premise under the watchful eye of financial IT teams who have implemented industry-specific security controls.

One survey shows that data security and meeting compliance standards are the top two concerns that financial services firms face when considering the cloud. This concern is warranted, as cyber attacks against financial institutions have been increasing.

Cloud-Based Malware

One way that cybercriminals have been attempting to exploit enterprise technology recently is by proliferating malware through the cloud. Cybercriminals are now specifically targeting cloud-based applications as an entryway based on their widespread popularity.

There are a few popular ways to carry out such attacks. Cybercriminals attack the cloud by targeting at-risk endpoints. When the endpoint connects to the cloud network, the malware can then be uploaded, putting the data stored within the cloud at risk of breach.

Additionally, ransomware is becoming more common in cloud environments. This might happen when an employee with access to their cloud network falls for a phishing scam and clicks on a malicious link, thereby infecting their device with ransomware.

According to the Q4 2017 Fortinet Threat Landscape Report, there is growth in the volume and sophistication of ransomware. Two different strains of ransomware (Locky and GlobeImposter) landed at the top of the malware list at the same time. Malware that may have destroyed an individual’s data files now has the potential to destroy all the data for a global organization.

Cybercriminals have also been capitalizing on the level of trust afforded to many cloud-based applications. For example, if an organization is using a SaaS application, then network security controls have been programmed to permit traffic to and from that application. As a result, a compromised device or payload can use this privilege to break through perimeter defenses more easily.

Securing Against Cloud-Based Malware

To ensure that attacks on the cloud and SaaS applications are unsuccessful and do not hinder digital innovation, financial services firms should make sure they have the following three security controls in place.

1) Endpoint Security - As the number of IoT devices continues to grow and consumers request increased access to financial networks through mobile applications, endpoint security is integral to ensuring that devices which have been compromised cannot enter the network. As the cloud becomes a larger target, cybercriminals will attempt to access cloud networks through insecure devices brought on by IoT and BYOD. This includes not only deploying security on endpoints but also putting in place security controls that segment and control access to such devices, as well as hardening network access points.

2) Application Security - Applications have long been a favored attack vector of cybercriminals. With the rise of IoT and BYOD policies, it would be impossible for financial services firms to ensure that every single application connected to their network is secure. Application security controls use advanced threat protection technologies to make certain that both known and unknown vulnerabilities cannot be exploited. Application security controls also offer effective protection against things like DDoS attacks, which have the ability to knock financial services firms offline.

3) Cloud Security & CASBs - As financial services firms increase their use of the cloud, cloud-based security is paramount. To be effective, security solutions must be able to scale alongside the cloud infrastructure to make sure that no malicious traffic is allowed to enter or cross a cloud environment, even as it shifts and expands to accommodate changes in traffic.

Additionally, solutions should use internal segmentation across private, hybrid and public cloud environments to ensure that any threats that cross the perimeter are isolated to one segment of the network and thus unable to compromise the rest of the data.

Finally, financial services firms should be using CASBs (cloud access security brokers) whenever they deploy new SaaS applications. CASBs allow financial IT teams to stretch their own security policies into the cloud, while providing user behavior and activity monitoring.

Final Thoughts

Financial services firms aren’t ignoring the benefits offered by the cloud and cloud-based applications. As adoption grows in this critical space, however, cybercriminals continue to search for new ways to find and exploit vulnerabilities — which is why they are now turning to malware that specifically targets the cloud. This trend cannot be countered with traditional security solutions or strategies, as they are simply no longer sufficient for a digital-dependent organization.

To embrace the cloud while ensuring security and data privacy, financial services firms must deploy in-depth security measures to cover the proliferation of endpoint devices, free-ranging applications, and the elastic cloud infrastructure itself.

There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale.

Learn more about how Fortinet is securing financial services organizations.

Check out our latest Quarterly Threat Landscape Report for more details about recent threats.

Sign up for our weekly FortiGuard intel briefs or to be a part of our open beta of Fortinet’s FortiGuard Threat Intelligence Service.

Join the Discussion