The modern bank heist has escalated to a hostage situation over the past year. The attackers' goal is now to hijack a financial institution's digital infrastructure and to leverage that infrastructure against the bank's constituents. As the world shifted to an anywhere workforce amid the pandemic, we witnessed attacker strategy evolve, becoming more destructive and sophisticated than ever before.
In the fourth annual Modern Bank Heists report, we interviewed 126 CISOs, representing some of the world's largest financial institutions, regarding their experiences with cybercrime campaigns. Because of the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, it is facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality could be attributed to the organized nature of cybercrime cartels and to the dramatic increase in sophisticated cyberattacks. The goal of this year's report was to understand how offense should inform the financial sector's defense.
Here's an introduction to some key findings:
- From heist to hostage: 38%* of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack a financial institution's digital transformation to attack its customers. By commandeering the bank's assets, they exploit the trust that its constituents place in the brand (oftentimes trust that has been built up over hundreds of years). *Note: This excludes SolarWinds.
- Increased geopolitical tension and counter IR triggering destructive attacks: There's been a 118% rise in destructive attacks as geopolitical tension plays out in cyberspace. Russia, China and the U.S. underground posed the greatest concern to financial institutions. It is also worth noting that cybercriminals targeting the financial sector will typically only leverage destructive attacks as an escalation, to burn the evidence as part of a counter incident response.
- The digitization of insider trading: 51% of financial institutions experienced attacks targeting market strategies. This allows for the digitization of insider trading and the ability to front-run the market, which aligns with the strategies of economic espionage.
- Cybercriminals launch Chronos attacks: 41% of financial institutions observed the manipulation of time stamps. This is occurring in a sector that's incredibly dependent on time given the nature of its business. Because there's no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is very pernicious.
As the threat landscape evolves, so will the tactics, techniques and procedures of cybercrime cartels, as seen in the above findings.
These groups have become national assets for the nation-states that offer them protection and power. Alongside this, we've seen traditional crime groups digitize over the past year as the pandemic prevented them from operating as usual. This has popularized the services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organized crime counterparts.
So, how should the financial industry respond? To start, here are a few strategies for security teams:
- Conduct weekly threat hunting and normalize it as a best practice to fuel threat intelligence. I was happy to hear from the CISOs we spoke with that 48% already conduct weekly threat hunts.
- Integrate your network detection and response with your endpoint protection platforms.
- Apply "Just in time" administration.
- Deploy workload security.
The game has changed, and so must the financial sector's security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 ought to be the year that CISOs report directly to the CEO and are given greater authority and resources.
Bob Parisi, Head of Cyber Solutions – The United States, Munich Re, echoed the importance of up-leveling the function of the CISO as cyberattacks surge: "The report's findings around a heightened level of destructive attacks and island hopping make it clear that financial institutions remain in the crosshairs. VMware's recommendation that CISOs should be elevated to C-level aligns with the fact that cyber risk is definitely an operational risk that needs to be managed across a spectrum of technology, process and people, including the use of financial instruments like cyber insurance."
It's no longer a matter of if, but when "the next SolarWinds" will occur. Consequently, cybersecurity must be viewed as a functionality of economic versus an expense. Trust and confidence in the safety and soundness of the financial sector will depend on it.
To learn more, download the full report.