Financial Services Sector Witnessing Increased Attacks

The ongoing penetration of tech in the finance sector, mostly for improving productivity and reducing transaction costs, has also given rise to various cyber threats and challenges. The pandemic is only adding to the security woes for the sector.

What happened recently?

The cybercriminal community is more synchronized than ever, and proactively draws on collective innovation in malicious code and TTPs for targeted attacks.
  • Maze ransomware operators published an encrypted version of 240 credit card details stolen from the Bank of Costa Rica (BCR).
  • Banco de Costa Rica, one of the most powerful state-owned commercial banks, was attacked twice in eight months by the same ransomware operators, Maze, leading to the theft of 11 million credit card credentials.
  • According to the attacker group, however, the second attack happened because the bank did not secure its network after the first attack. Threatening to put the data up for sale on the dark web, the group posted encrypted details of the credit cards.

Leading banks expose database: Report

In a recent survey by Reposify, security experts measured the prevalence of exposed sensitive assets for large banks. Here’s what they found:
  • 23% of banks worldwide had at least one misconfigured database exposed to the internet, resulting in potential data leakage issues.
  • 54% of the banks had one or more RDP services exposed to the internet.
  • 31% of banks had at least one remote code execution vulnerability, which could allow attackers to execute arbitrary code on a target system.

It’s raining attacks for the financial services sector

  • Just two weeks back, experts at VMware Carbon Black reported a 238% surge in cyberattacks against banks.
  • Researchers at Proofpoint disclosed banking malware campaigns targeting users in the US, Canada, Germany, Poland, and Australia, with COVID-19 lures to spread the ZLoader trojan.
  • Last month, there was a spree of ransomware attacks on financial services sector vendors, including Pitney Bowes, Finastra, Diebold Nixdorf, and Cognizant. Cognizant and Pitney Bowes were hit by the Maze attackers. The attackers described their attacks as virtuous, intended to draw people's attention to security lapses in the banking industry.
  • IBM X-Force researchers reported a new Android banking Trojan, dubbed Banker[.]BR, in the third week of April. It was targeting users in Spanish- and Portuguese-speaking countries, namely Spain, Portugal, Brazil, and other parts of Latin America.
  • In March, Group-IB discovered the Gustuff Android banking trojan targeting over 100 banking apps and 32 cryptocurrency apps.

The bottom line

The combined growth of banking and mobile technologies has given cybercriminals an ever-expanding attack surface. Financial services organizations must remain vigilant against these evolving threats by leveraging threat intel sharing.