FINANCIAL SERVICES CYBERSECURITY

A Varonis report from 2021 indicates that the average cost of a data breach in the financial services sector is US$ 5.85 million – about 30% higher than the average in all sectors. Importantly, it adds that a breach in financial services businesses is only detected and contained an average of 233 days after it had occurred – leaving the targeted organization exposed and vulnerable for many months.

This data highlights the importance of financial services cybersecurity in helping financial institutions avoid the cost of cybercrime. Cyberattacks are extremely costly not only in terms of direct financial losses; any harm to the financial institution’s image and loss of client trust will impact on its client base and cause heavy indirect financial losses as well.

The growing incidence of cyberattacks demonstrates the importance of financial services cybersecurity

Since the outbreak of the Covid-19 pandemic, in the first part of 2020 alone, 75% of banks and insurance groups experienced a rise in cybercrime (Cyber Talk). The number of recorded cyberattacks directed against financial firms and financial services organizations in this period increased by 238% (Fintech News). The US Department of Treasury’s Financial Crimes Enforcement Network reported in September 2020 that more than US$1 billion dollars were stolen from institutions each month.

Attacks on the financial sector, including banks, credit card companies, investment firms, etc., have not ended with the resumption of routine activity in the financial sector; on the contrary, this sector continues to be targeted relentlessly.

Major attacks that could have potentially been prevented with ACID’s financial services cybersecurity solution

• Tesorería General de la República, Chile: In early 2023, Chile’s Tesorería General de la República – the General Treasury of the Republic of Chile – was hacked. The perpetrators are believed to have stolen 600 GB of data. When the General Treasury announced that the attack did not affect its operation, the hackers quickly claimed that “hundreds of debts have been forgiven. Hundreds of rejections have been accepted.”
• Zacks Investment Research: In January 2023, Zacks announced that hackers had gained access to personal and sensitive information of 820,000 of its customers (names, addresses, email addresses, phone numbers and user passwords for the company’s website) sometime in the period between November 2021 and August 2022.
• TransUnion SA: In March 2022 it was reported that the South African credit bureau TransUnion SA suffered a ransomware attack. TransUnion’s investigation revealed that data relating to 5 million consumers was potentially affected, with a further 5.2 million consumers having had only ID numbers affected with no personal information linked to the ID number. 600,000 business organisations were also potentially affected.
• Full details of more than 1.22 million stolen credit cards with expiry dates between 2023 and 2025 were released into the dark web carding place BidenCash, along with the card holders’ names, social security numbers, street addresses, email addresses and phone numbers, as revealed by Cyber Security Hub in December 2022. Most of the victims were from the US, and the remaining from various countries around the world. It is assumed access to this information was gained through malware, hacking ecommerce sites and other vectors. Interestingly, the credit card details were released for free, possibly to promote BidenCash’s new domain, following several DDoS attacks that forced it to launch new URLs.

Some less recent (2021) major attacks that have been perpetrated against companies operating in the financial sector include:

• In Germany, a DoS attack on an IT firm working with local cooperative banks disrupted the operation of 800 financial institutions nationwide.
• Cyren Inc., an Internet security technology company, reported a 300% increase in phishing attacks against Chase Bank customers in the three-month period from May to August 2021.
• In a cyberattack on the American stock trading platform Robinhood, the hacker gained access to the personal data of some 7 million customers.
• AXA, the European insurance giant, was the victim of a ransomware attack, ironically, shortly after it announced in France that it would no longer cover damage from this type of attack.
• CNA Financial’s operation was disrupted for three days due to a ransomware attack.

Additionally, attacks on cryptocurrency companies are becoming more common:

• Bitmart, a crypto trading platform, suffered a crypto cyberattack that caused it to lose US$ 200 million in assets.
• In what seems to be one of the largest cryptocurrency thefts ever, hackers exploited a vulnerability in Poly Network (a platform aiming to connect different blockchains to enable them to work together) and stole more than US$ 600 million.

The solution: ACID’S financial services cybersecurity helps to protect from different types of cyberattacks

Common types of attacks against the financial sector include:

1. Social engineering
   Social engineering includes phishing attacks through emails, text messages or online ads; fraudware; and ‘favor for favor’ – a social engineering trick in which victims are encouraged to share confidential information in exchange for a service.
   
   According to a Deloitte survey, social engineering is considered the greatest threat faced by financial sector companies. Furthermore, research conducted by Cisco reveals that 43% of employees have made mistakes that could potentially leave an organization exposed to a cyber threat.

2. Malware
   Malware was widely used to attack financial organizations in 2021, with new malware samples being continuously developed, making this threat particularly challenging. Malware is also often used in unison with phishing emails, and is spread through mobile devices.

Some of the common features of malware targeting the financial sector are:

• Supply chain attacks that entice a user to install a fake, malware-infected software patch.
• Trojans relying on malicious Google Adsense campaigns, which target the banking sector.

3. Advanced Persistent Threat (APT) attacks
   In APT attacks, cybercriminals exploit the vulnerabilities of a targeted organization to establish a long-term presence in its network. They often infiltrate the financial organization’s internal system through spear phishing, then utilize backdoor malware to gain remote access and subsequently collect data on internal procedures and banking applications in preparation for exfiltration. The attacks typically result in the theft and encryption of data for ransom, or the theft of funds, as well as in harm to the organization’s reputation.
   

4. Island hopping
   ‘Island hopping’ is an attack which exploits vulnerabilities in the networks of an organization’s partner/s, instead of directly attacking the organization itself, in order to gain access to sensitive data.

The FS-ISAC’s (Financial Services Information Sharing and Analysis Center), in its Global Intelligence Office report titled Navigating Cyber 2022, predicted that in 2022 third-party risk, zero-day vulnerabilities, and ransomware groups will adapt to the changing cyber environment and continue to increase. 

ACID’s financial services cybersecurity solution provides valuable information

ACID implements AI algorithms and deploys clusters of bots that scan the clear, deep web and dark web 24/7/365 and multiple other sources, searching for information on attacks being planned, or signs indicating that they have already been launched. It uses client-specific keywords in several languages to produce the best results.

Upon detection of a threat, ACID fully discloses all the available information to the client and continues to provide updates as more details are revealed.

When the threat is detected on the dark web and deep web, ACID, aware that many organizations prefer to avoid accessing these areas of the Internet or are unable to do so, provides a screenshot of the threat. ACID clients share that their IT personnel find this feature of the solution exceedingly useful when preparing an effective response.

While ACID scans numerous, diverse sources 24/7/365, upon a specific request from clients, it can include additional sources that they are particularly interested in and scan those as well.

The detection of the types of attacks listed above, as well as others, helps financial organizations protect themselves from financial scams, fraud, direct theft, data theft, extortion and the opening of fake accounts and lines of credit.

ACID’s financial services cybersecurity – a cost-effective solution

As shown above, cybercriminals can employ many methods to attack financial institutions, and when successful, can cause potentially catastrophic harm, and even place the organization’s continued operation at risk.

A report titled ‘Modern Bank Heists 5.0’ published by the cloud computing and software provide VMware, based on a survey of conducted among 130 Chief Information Security Officers, states that 7 of 10 of the financial institutions spend up to 12% of their overall IT budget on security; however, the majority intended to increase their budget by 20% to 30% in 2022.

When weighing the cost of ACID’s cybersecurity solution for the financial sector against the resources an organization would need to invest in-house to achieve results that may not provide a comparable level of protection, leaves no doubt that ACID’s services are not only essential, but also highly useful for IT teams preparing effective countermeasures to detected threats. One feature found to be extremely valuable to them is a screenshot of the threat as found on the dark web, and not only the information it contains. Additionally, the ability to add sources that a particular client wishes to scan, if not already covered in ACID’s broad scope, provides important added value.

ACID Intelligence and DIP cost-effectively confront the increased risks faced by finance and banking institutions. Advance detection in the early stages of cyberattack planning, real-time reporting and continuous monitoring to provide more information as it becomes available, support IT teams in implementing targeted countermeasures. This response can be crucial in preventing the attack or mitigating the harm it is intended to cause.

Subscribing to the cybersecurity services offered by ACID Technologies can spare your organization the potentially disastrous effects of cyberattacks at a fraction of their cost and enable you to put your resources to good use where they are most needed.