Cybercriminals Step Up Malware Attacks Against Financial Firms
According to a 2019 report, 25 percent of all malware attacks are aimed at banks and other financial services organizations — more than any other industry.
It’s hardly news, of course, that financial services firms are prime targets for cyberattackers. In fact, with the data and financial assets they are entrusted with safeguarding, it would be shocking if banks and other financial institutions weren’t facing constant intrusion attempts. Still, it’s important for business and IT leaders in the financial services sector to stay up to speed on the exact nature of the threat they’re facing.
Here are some need-to-know facts about the current state of the cybersecurity landscape in financial services.
Breaches and Attacks Are Up Against Credit Card Companies
In 2019, financial services firms reported huge year-over-year increases in the number of attacks, breaches and data thefts, according to an April report from cyberthreat intelligence company IntSights. The number of compromised credit cards was up 212 percent, credential leaks increased 129 percent and malicious apps grew in number by 102 percent.
The author of the report, Hadar Rosenberg, told Forbes that threats are growing not only in number, but also in sophistication. “Around the globe, banks are seeing more frequent and more aggressive cyberattacks, and the severity and sophistication of these attacks are increasing all the time,” Hadar said.
Financial Fraud Is Going Social with Stolen Information
Earlier this year, researchers from Cisco Talos reported that they had compiled a list of 74 different Facebook groups whose members promised to carry out “an array of questionable cyber dirty deeds,” including the selling and trading of stolen bank and credit card information, the theft and sale of account credentials from a variety of websites, and email spamming tools and services. Those 74 groups had about 385,000 members total.
“These Facebook groups are quite easy to locate for anyone possessing a Facebook account,” Talos researchers wrote in an April blog post. “A simple search for groups containing keywords such as ‘spam,’ ‘carding,’ or ‘CVV’ will typically return multiple results. Of course, once one or more of these groups has been joined, Facebook’s own algorithms will often suggest similar groups, making new criminal hangouts even easier to find.”
Talos tried to take down the groups through Facebook’s abuse reporting function. While some groups were wiped out after the abuse reports, other groups only had specific posts removed until Talos directly contacted Facebook’s security team. “New groups continue to pop up, and some are still active as of the date of publishing,” the researchers noted.
Federal Government Takes Notice of Financial Crimes
The SEC’s Office of Compliance Inspections and Examinations highlighted cybersecurity as a priority in 2019. And, during the first half of the year, the office issued three risk alerts to financial advisers pertaining to the use of social media, remote email, customer data privacy and cloud-based storage.
Banks Invest in Solutions to Combat Breaches
News reports peg the cost of the data breach that hit Equifax in 2017 at over $600 million. With so much at stake, financial institutions are stepping up their cybersecurity investments to combat the growing threat of malware and social engineering attacks. According to a May report from Deloitte, financial institutions are spending an average of $2,300 per full-time employee on cybersecurity, with some firms paying as much as $3,000 per year. However, the report warns that even highly mature companies need to continue to improve and adapt to the changing cybersecurity landscape.
“Achieving excellence in cybersecurity will … likely remain an ongoing journey, with many twists and turns, rather than an ultimate destination,” the report states. “Cyberattacks continue to be bolder and more sophisticated, challenging financial institutions to respond in kind. Companies will need to continuously upgrade their capabilities — both human and technological — to remain secure, vigilant, and resilient.”
