The financial sector remains a major target for hackers

According to VMware reports, cybercriminals are moving from telephony fraud to targeting market data, and ransomware continues to hit financial companies.

The target does not change, but the method does. According to VMware’s latest Modern Bank Heists report, financial institutions have faced increasingly complex cyber threats in recent years, and cybercriminal organizations are constantly evolving. These groups originally focused on wire transfer fraud, but are now targeting market strategies, hijacking securities firm accounts and breaking into banks. For the report, VMware interviewed 130 CISOs and industry security leaders in different regions, including North America, Europe, Asia Pacific, Latin America and Africa.

Its findings support the observations of other security experts. “Intelligence services have seen the evolution and increase of complex cyber fraud as part of a research mission to protect the country’s payment systems and financial infrastructure,” said Jeremy Sheridan, former Deputy Director of Secret Services. “Permanent flaws in the security of systems connected to the Internet offer opportunities and methodologies,” he added.

Conti, the most popular ransomware

Ransomware remains a corporate concern, and for good reason. Seventy-four percent of the security managers surveyed said they had been attacked more than once in the past year, and 63% said they had to pay the ransom. Conti ransomware has proven to be the most popular. 63% of respondents say they have experienced “disruptive attacks” that destroy data and evidence of intrusion, up 17% from last year. These attacks involve malware variants that destroy or degrade the victim’s systems by encrypting files, deleting data, destroying hard drives, interrupting connections, or executing malicious code.

While 71% of survey respondents saw an increase in wire transfer fraud internally, many say cybercriminals are now trying to access private market information. Two out of three financial institutions (66%) have experienced attacks targeting data related to market strategy. “Modern market manipulation is in line with economic espionage and can be used to digitize insider trading,” said Tom Kellermann, VMware’s Chief Cyber Security Strategy Officer.

Increased attacks on timestamps and attacks through MSP partners

In addition, 63% of security officials at the financial institutions surveyed say that brokerage account hijacking has increased, up from 41% last year. Attackers are increasingly using compromised login credentials to move through the network and access intermediary accounts. Survey respondents also said they observed Kronos-type attacks, a term borrowed from the Greek god of time, which involve manipulating the time stamps of corporate behavior. 77% of financial institutions reported Kronos attacks, and 44% of these attacks were aimed at market positions. “Even if the extent of the damage caused by the Kronos attack is not significant, the manipulation of timestamps undermines the security, integrity and credibility of the financial sector,” Kellermann said. “Financial institutions need to carefully monitor time stamps to ensure that security teams are ready to protect time integrity.”

So-called “island hopping” attacks have become one of the most threatening trends, with 60% of the financial institutions surveyed being victims of this type of attack, up 58% from last year. In these attacks, cybercriminals investigate the interdependencies of financial institutions to identify the managed service providers (MSPs) they use. They can then target these companies and reach the banks they are after through island hopping. Another major concern in recent years has been cryptocurrency exchanges, with approximately 83% of respondents expressing security concerns.

What defenses are available to financial companies’ CISOs?

The report recommends several solutions for CISOs and security officers to defend against these attacks.

- NDR and EDR integration: Network detection and response (NDR) should be integrated with endpoint detection and response (EDR) to continuously monitor the system in real time and to detect and analyze potential threats.

- Apply micro-segmentation: Applying trust boundaries to limit lateral movement improves detection.

- Deploy decoys: Use deception techniques to divert intruders.

- Implementation of DevSecOps and API security: Introduce security early in the application development life cycle.

- Vulnerability management automation: Prioritize risks and focus on high-risk vulnerabilities.

“We need to invest in API and workload security, and we need more interaction between our monitoring and information security teams to block the use of transactional information, also known as digital frontrunning,” said the person responsible for cyber security strategy at VMware. “The CISO also needs to report to the CEO and notify the Board of Directors on a regular basis to ensure the liquidity and transparency of the discussion.”