Report: Banks, Financial Services Heavily Targeted by Cybercriminals

Cybercrime against the global banking and financial services (FSI) sector is increasing at a much faster rate than security or fraud teams can staff up on their own.

That’s according to the Banking & Financial Services Cyber Threat Landscape Report (April 2019) by IntSights. It identified a number of trends impacting the FSI sector based on terabytes of telemetry collected from the company’s enterprise threat intelligence and mitigation platform.

Hadar Rosenberg, threat intelligence research analyst at IntSights, tells us identifying attacks as early as possible gives organizations the best chance of stopping or mitigating the attack, so that’s how MSSPs and service provides should be positioning their solutions.

IntSight’s Hadar Rosenberg

“External visibility into threat activity is key to identifying attacks early,” she said. “For example, if you find a new batch of leaked credit cards on the dark web, there’s a good chance threat actors will begin testing those cards for fraudulent use. MSSPs should be monitoring for this activity and alerting their FSI customers accordingly, so they can take proactive action to issue new cards for the holders, which can help cut down on successful credit card fraud and show clear return on investment (ROI) for your services.”

FSI organizations were targeted in 25.7% of all malware attacks last year, more than any of the other 27 industries tracked. Instances of compromised credit cards increased by 212% year-over-year.

“While it’s no surprise that credit card leakage is rising, the rate at which it’s rising is quite interesting,” Rosenberg said. “You’d think it’d be a top priority for organizations to protect this kind of data, given how easy it is to commit fraud once credit card details are stolen, yet cybercriminals keep finding ways to get new credit card numbers at an alarming rate. I think this shows it’s the most successful way to make money online, given the abundance of credit card data available and the low risk to cybercriminals of getting caught.”

The report also shows a 129% year-over-year increase in credential leaks due to the Collection #1 leak, and a 102% year-over-year increase in malicious applications, including fraudulent mobile banking apps.

FSI organizations based in developing countries, namely in Latin America, Africa and South Asia, experienced attacks more frequently than developed regions of the world due to a lack of external facing security systems.

“The challenge for FSI organizations is that financial data leaks aren’t usually their fault (for example, POS malware installed at a retailer), yet they’re the ones typically paying the cost of the associated fraud,” Rosenberg said. “Therefore, you can’t focus entirely on building your perimeter. These organizations need external visibility into new threats that emerge online, so they can identify new attacks as early as possible and take appropriate mitigation action.”

FSI organizations are so heavily targeted because they’re so close to what cybercriminals are after the most, which is money, she said.

“We will definitely see them targeted more, both in terms of sophistication and frequency,” Rosenberg said. “When it comes to financial crime, it’s mostly a numbers game. The more stolen account numbers you can try to access, or phishing sites you can launch, the better your chances of success. I think ‘hacker automation’ (i.e. hacking tools and kits) will become more common in the coming years, enabling cybercriminals to run fraud campaigns faster without needing an advanced technical background.”