Regardless of who the ultimate victim of a cyberattack is, the end goal of most cyber events continues to be financial gain. And one of the fastest paths to financial gain is capitalizing on the theft of information – something that the financial services industry has in spades.
When you hear of stolen credit card or banking data, or the selling of PII on the dark web, that theft began with a malicious actor taking advantage of someone or some organization associated with the Financial Services sector. Cybercrime is a rising concern in the financial services industry. Let’s take a look at what financial institutions need to know about the current threat landscape.
According to our recent Threat Landscape Report, over one-quarter of organizations experienced a mobile malware attack in Q3 of 2018, with the vast majority of those attacks targeting or originating from devices running the Android operating system. In fact, of all the threats organizations faced last quarter from all attack vectors, 14% were Android-related. By comparison, only .000311% of threats were targeted to Apple iOS.
Exploits targeting banking apps on mobile devices, for example, are a significant part of this growing threat trend that must be addressed. Compromising mobile devices not only allows attackers to steal data stored on that device but can be used to collect personal banking information using phishing apps, intercept data moving between a user and his or her online bank and monitor financial transactions when purchasing goods or services online. The malware known as “Android.banker.A2f8a,” for example, targeted more than 200 different banking apps to steal login credentials, hijack SMSs, and upload contact lists and other data onto a malicious server. It also displayed an overlay screen on top of legitimate apps to capture additional information.
These apps aren’t just being downloaded from risky sites. Between August and October of this year, 29 banking Trojans masquerading as legitimate apps were removed from the Google Play store, but only after they had been installed by over 30,000 users. But even that is only part of the exposure. Compromised devices are also becoming a gateway through which the larger financial services network can be exploited.
Cryptojacking has become a gateway for other attacks. In many industries, including financial services, cryptojacking has leapfrogged ransomware as the malware of choice. While ransomware continues to be a serious concern for financial networks, the number of unique cryptojacking signatures nearly doubled in the past year, and the number of platforms compromised by cryptojacking jumped 38%. Perpetrators include advanced attackers using customized malware, as well as “as-a-service” options available on the dark web for novice criminals. Although cryptojacking is often considered to be a nuisance threat that only hijacks unused CPU cycles, a growing number of new attack techniques include disabling essential security functions on devices, thereby enabling cryptojacking to actually become a gateway for additional attacks.
While encrypted traffic has always been a staple of financial organizations, it now represents an unprecedented 72% of all network traffic, up from 55% just one year ago. And while encryption can certainly help protect data and transactions, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of most legacy security solutions continue to limit the ability of organizations to inspect encrypted data at network speeds. As a result, rather than attempting to slow down time-sensitive financial transactions, a growing percentage of this traffic is simply not being adequately analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.
Botnets are getting smarter. The number of days that a botnet infection was able to persist inside an organization increased 34% during Q3, rising from 7.6 to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, protecting IoT and other devices that can’t be directly hardened, and thoroughly scrubbing a network after an attack has been detected. The importance of consistent security hygiene remains vital to addressing the total scope of these attacks, as many botnets can go dormant upon detection, only to return after normal business operations have resumed if the root cause or “patient zero” has not been rooted out.
The challenge facing many financial organizations is that new digital transformation efforts have spread security resources thin, restricting visibility and fragmenting the controls of many IT teams. Addressing these latest attack vectors includes:
In addition, some major banks have begun adding things like biometrics to their applications to protect consumers and better secure data and transactions. In addition, organizations should regularly scan the internet for fraudulent applications, warn consumers when they are found, and apply pressure on application stores to remove them from their inventories.
Cybersecurity challenges continue to grow, and financial institutions– especially those in the midst of digital transformation efforts – are being highly targeted by cybercriminals. Commercial Banks, Credit Unions, Stock Brokerage Firms, Asset Management Firms, and Insurance Companies that support digital transactions through mobile apps are increasingly being targeted and exploited by malicious criminals. At the same time, they are suffering the same challenges as other organizations, including figuring out how to inspect and secure the growing volume of encrypted traffic, battling the persistence of botnets, and addressing new malware trends such as cryptojacking.
To successfully address today’s challenges, the security teams of financial services organizations must rethink their strategies, from automating their security hygiene measures to replacing isolated security devices with an integrated security fabric architecture that can seamlessly span the growing attack surface.
This blog originally appeared as a byline in Global Banking and Finance Review.
Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio. Sign up for our weekly FortiGuard Threat Brief. Read about the FortiGuard Security Rating Service, which provides security audits and best practices.