FINANCIAL SERVICES CYBERSECURITY

ACID Technologies helps banking and finance institutions protect themselves by detecting the first signs of an impending cyberattack – as early as its planning stage – and by providing real-time, detailed alerts that enable the targeted institutions to implement effective preventive measures.

Cybercrime directed at banks and other financial institutions remains a major concern. The immense amounts of customer data they hold and the large sums of money they handle make them a highly attractive target in the eyes of cybercriminals.

ACID provides financial institutions with an effective solution that helps them potentially foil cyberattacks or mitigate their consequences. Real-time alerts at the first hint of a planned attack, complete with detailed information, allow the institution to implement the appropriate countermeasures to eliminate or mitigate the risk. ACID continuously monitors the dark web and numerous other sources, and passes any new information on to the intended victim as soon as it becomes available, enabling it to increase the effectiveness of its response. Consequently, the targeted organization can potentially avoid heavy regulatory fines and damage to its reputation, which could be disastrous to its business. Even when it is gathered after a breach has occurred, the information alerts the organization to its vulnerability and allows it to close security gaps and prevent further harm.

Current trends that make financial services cybersecurity a necessity

The finance and banking sector is undergoing rapid digitization and assimilating new technologies. Where the implementation of the necessary cybersecurity measures fails to keep up, financial institutions face elevated risks, in an industry where consumer trust is paramount. Exposure to attacks through vendors, partners and customers also increases banking and finance institutions’ vulnerability to cyberattacks. Furthermore, stringent regulatory and privacy requirements may increase the incidence of extortion attacks and exploit financial institutions’ fears that the exposure of noncompliance and data breaches will result in heavy fines and lost business.

According to the global cybersecurity company BlackFog, the financial sector is the hardest hit – with approximately 300 times as many cyberattacks as other industries.

The number of attacks targeting the financial sector is 300 times greater than in other industries (BlackFog)

The average cost of a data breach in the financial sector is $5.85M – 30% higher than in other sectors (Varonis, 2021)

A Varonis report from 2021 indicates that the average cost of a data breach in the financial services sector is US$ 5.85 million – about 30% higher than the average in all sectors. Importantly, it adds that a breach in financial services businesses is only detected and contained an average of 233 days after it had occurred – leaving the targeted organization exposed and vulnerable for many months.

This data highlights the importance of financial services cybersecurity in helping financial institutions avoid the cost of cybercrime. Cyberattacks are extremely costly not only in terms of direct financial losses; any harm to the financial institution’s image and loss of client trust will impact on its client base and cause heavy indirect financial losses as well.

The growing incidence of cyberattacks demonstrates the importance of financial services cybersecurity

Since the outbreak of the Covid-19 pandemic, in the first part of 2020 alone, 75% of banks and insurance groups experienced a rise in cybercrime (Cyber Talk). The number of recorded cyberattacks directed against financial firms and financial services organizations in this period increased by 238% (Fintech News). The US Department of the Treasury’s Financial Crimes Enforcement Network reported in September 2020 that more than US$1 billion was stolen from institutions each month.

Attacks on the financial sector, including banks, credit card companies, investment firms, etc., have not ended with the resumption of routine activity in the financial sector; on the contrary, this sector continues to be targeted relentlessly.

Major attacks that could have potentially been prevented with ACID’s financial services cybersecurity solution

  • Tesorería General de la República, Chile: In early 2023, Chile’s Tesorería General de la República – the General Treasury of the Republic of Chile – was hacked. The perpetrators are believed to have stolen 600 GB of data. When the General Treasury announced that the attack did not affect its operation, the hackers quickly claimed that “hundreds of debts have been forgiven. Hundreds of rejections have been accepted.”
  • Zacks Investment Research: In January 2023, Zacks announced that hackers had gained access to personal and sensitive information of 820,000 of its customers (names, addresses, email addresses, phone numbers and user passwords for the company’s website) sometime in the period between November 2021 and August 2022.
  • TransUnion SA: In March 2022 it was reported that the South African credit bureau TransUnion SA suffered a ransomware attack. TransUnion’s investigation revealed that data relating to 5 million consumers was potentially affected, with a further 5.2 million consumers having had only ID numbers affected with no personal information linked to the ID number. 600,000 business organisations were also potentially affected.
  • BidenCash: Full details of more than 1.22 million stolen credit cards with expiry dates between 2023 and 2025 were released on the dark web carding marketplace BidenCash, along with the card holders’ names, social security numbers, street addresses, email addresses and phone numbers, as revealed by Cyber Security Hub in December 2022. Most of the victims were from the US, and the remainder from various countries around the world. It is assumed that access to this information was gained through malware, hacking of ecommerce sites and other vectors. Interestingly, the credit card details were released for free, possibly to promote BidenCash’s new domain, following several DDoS attacks that forced it to launch new URLs.

Some less recent (2021) major attacks that have been perpetrated against companies operating in the financial sector include:

  • In Germany, a DoS attack on an IT firm working with local cooperative banks disrupted the operation of 800 financial institutions nationwide.
  • Cyren Inc., an Internet security technology company, reported a 300% increase in phishing attacks against Chase Bank customers in the three-month period from May to August 2021.
  • In a cyberattack on the American stock trading platform Robinhood, the hacker gained access to the personal data of some 7 million customers.
  • AXA, the European insurance giant, was the victim of a ransomware attack, ironically, shortly after it announced in France that it would no longer cover damage from this type of attack.
  • CNA Financial’s operation was disrupted for three days due to a ransomware attack.

Additionally, attacks on cryptocurrency companies are becoming more common:

  • Bitmart, a crypto trading platform, suffered a crypto cyberattack that caused it to lose US$ 200 million in assets.
  • In what seems to be one of the largest cryptocurrency thefts ever, hackers exploited a vulnerability in Poly Network (a platform aiming to connect different blockchains to enable them to work together) and stole more than US$ 600 million.

The solution: ACID’s financial services cybersecurity helps protect against different types of cyberattacks

Common types of attacks against the financial sector include:

  1. Social engineering
    Social engineering includes phishing attacks through emails, text messages or online ads; fraudware; and ‘favor for favor’ – a social engineering trick in which victims are encouraged to share confidential information in exchange for a service.

    According to a Deloitte survey, social engineering is considered the greatest threat faced by financial sector companies. Furthermore, research conducted by Cisco reveals that 43% of employees have made mistakes that could potentially leave an organization exposed to a cyber threat.
  2. Malware
    Malware was widely used to attack financial organizations in 2021, with new malware samples being continuously developed, making this threat particularly challenging. Malware is also often used in unison with phishing emails, and is spread through mobile devices.

    Some of the common features of malware targeting the financial sector are:

    • Supply chain attacks that entice a user to install a fake, malware-infected software patch.
    • Trojans relying on malicious Google AdSense campaigns, which target the banking sector.
  3. Advanced Persistent Threat (APT) attacks
    In APT attacks, cybercriminals exploit the vulnerabilities of a targeted organization to establish a long-term presence in its network. They often infiltrate the financial organization’s internal system through spear phishing, then utilize backdoor malware to gain remote access and subsequently collect data on internal procedures and banking applications in preparation for exfiltration. The attacks typically result in the theft and encryption of data for ransom, or the theft of funds, as well as in harm to the organization’s reputation.
  4. Island hopping
    ‘Island hopping’ is an attack which exploits vulnerabilities in the networks of an organization’s partner/s, instead of directly attacking the organization itself, in order to gain access to sensitive data.

The FS-ISAC (Financial Services Information Sharing and Analysis Center), in its Global Intelligence Office report titled Navigating Cyber 2022, predicted that in 2022 third-party risk, zero-day vulnerabilities, and ransomware groups would adapt to the changing cyber environment and continue to increase.

ACID’s financial services cybersecurity solution provides valuable information

ACID implements AI algorithms and deploys clusters of bots that scan the clear web, deep web and dark web, as well as multiple other sources, 24/7/365, searching for information on attacks being planned, or signs indicating that they have already been launched. It uses client-specific keywords in several languages to produce the best results.

Upon detection of a threat, ACID fully discloses all the available information to the client and continues to provide updates as more details are revealed.

When the threat is detected on the dark web and deep web, ACID, aware that many organizations prefer to avoid accessing these areas of the Internet or are unable to do so, provides a screenshot of the threat. ACID clients share that their IT personnel find this feature of the solution exceedingly useful when preparing an effective response.

While ACID scans numerous, diverse sources 24/7/365, upon a specific request from clients, it can include additional sources that they are particularly interested in and scan those as well.

The detection of the types of attacks listed above, as well as others, helps financial organizations protect themselves from financial scams, fraud, direct theft, data theft, extortion and the opening of fake accounts and lines of credit.

ACID’s financial services cybersecurity – a cost-effective solution

As shown above, cybercriminals can employ many methods to attack financial institutions, and when successful, can cause potentially catastrophic harm, and even place the organization’s continued operation at risk.

A report titled ‘Modern Bank Heists 5.0’ published by the cloud computing and software provider VMware, based on a survey conducted among 130 Chief Information Security Officers, states that 7 out of 10 financial institutions spend up to 12% of their overall IT budget on security; however, the majority intended to increase their budget by 20% to 30% in 2022.

Weighing the cost of ACID’s cybersecurity solution for the financial sector against the resources an organization would need to invest in-house, to achieve results that may not provide a comparable level of protection, leaves no doubt that ACID’s services are not only essential, but also highly useful for IT teams preparing effective countermeasures to detected threats. One feature found to be extremely valuable to them is a screenshot of the threat as found on the dark web, and not only the information it contains. Additionally, the ability to add sources that a particular client wishes to scan, if not already covered in ACID’s broad scope, provides important added value.

ACID Intelligence and DIP cost-effectively confront the increased risks faced by finance and banking institutions. Advance detection in the early stages of cyberattack planning, real-time reporting and continuous monitoring to provide more information as it becomes available, support IT teams in implementing targeted countermeasures. This response can be crucial in preventing the attack or mitigating the harm it is intended to cause.

Subscribing to the cybersecurity services offered by ACID Technologies can spare your organization the potentially disastrous effects of cyberattacks at a fraction of their cost and enable you to put your resources to good use where they are most needed.

Banks and other financial institutions handle very large sums of money and hold immense amounts of sensitive customer data. This makes them ideal targets for cybercriminals.

74% of the attacks in the finance and insurance sectors compromised customers’ personal details, with the average cost of a data breach in the financial industry reaching $5.9 million (IBM).

The US Federal Deposit Insurance Corporation (FDIC) 2024 Report on Cybersecurity and Resilience quotes the 13th Annual Ernst & Young (EY) Global Bank Risk Management Survey, which names cybersecurity risks as the top near-term risk for banks. It adds that geopolitical events also increase the likelihood of cyber attacks on banks.

Financial institutions’ cybersecurity policies have been to transfer risks and the costs of a cyber breach by taking out insurance policies. Illustrating the gravity of the problem is the decision made by insurers to include harsh restrictions and exemptions in their policies, and also reduce the sums covered for bank losses incurred due to fraud.

Heavy competition is forcing increasing digitization and the rapid assimilation of new technologies in the finance and banking sector. However, where the implementation of the necessary cybersecurity measures fails to keep up, financial institutions face elevated risks – in an industry where consumer trust is paramount. Exposure to attacks through vendors, partners and customers also increases banking and finance institutions’ vulnerability to cyber attacks.

Furthermore, heightened regulatory and enhanced privacy requirements may increase the incidence of extortion attacks, exploiting financial institutions’ fears that the exposure of noncompliance and data breaches will result in fines and lost business.

Ransomware: The largest number of detected ransomware attacks in 2023 targeted the banking industry (Trend Micro). The rate of ransomware attacks in financial services increased to 64% in 2023 from 55% in 2022. The data of 81% of financial organizations that incurred a ransomware attack was encrypted, with the most common root causes of the most significant attacks being exploited vulnerabilities (40%) and compromised credentials (23%) (Sophos, 2023). Ransomware attacks can severely disrupt a bank or other financial institution’s core activities, compromise the confidentiality of customer data, lead to loss of clients and erode reputation.

Phishing: Phishing, most often e-mail based, remains a prime concern. The Anti-Phishing Working Group (APWG)’s 2023 report indicated that the financial sector is at the receiving end of 23.5% of all phishing attacks – the most targeted among all surveyed sectors.

Denial-of-service (DoS): The Wall Street Journal reported in 2024 that DoS attacks targeting banks and other financial services firms are surging worldwide, with politically motivated hackers as their main driver.

Other main cyber threats faced by the financial industry include third-party risks; SQL Injections (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), and OGNL Java Injection; supply chain attacks, and bank drops.

Some recent cyber attacks targeting banking and financial institutions include:

  • In July 2024, the loan company Affirm informed its clients holding payment cards that due to a data breach at Evolve Bank & Trust, its third-party issuer, the personal information of 7.6 million individuals had been stolen in the recent LockBit ransomware attack.
  • Prudential Financial, an American Fortune Global 500 and Fortune 500 company, was the target of a ransomware attack that was carried out on February 4, 2024 and attributed to Alphv Ransomware, also known as BlackCat. It discovered the attack the following day. As a result, the personal details of 2.55 million individuals were compromised.
  • Mr. Cooper, the largest non-bank mortgage servicer in the USA, suffered a cyber attack, which led to a system lockdown activated to protect its customers’ data, although it was later revealed that some data was compromised in the attack. The attack prevented 4.3 million Mr. Cooper users from making online payments.
  • A data breach at the financial software provider Infosys McCamish on November 3, 2023 compromised the sensitive personal data of more than 57,000 Bank of America clients. According to Forbes, these included the clients’ names and addresses, social security numbers, dates of birth, phone numbers, account numbers and credit card information. Some sources state that the bank detected the breach itself on November 24 through routine monitoring, while other sources indicate that the provider notified the bank on that date. The affected bank clients, however, were only notified on February 2, 2024. It remains unclear if the delay constituted a violation of federal notification law or was caused by law enforcement investigations.
  • Managed Care of North America (MCNA), one of the largest dental health insurers in the USA, suffered a ransomware attack that affected some 9 million individuals. The LockBit ransomware group admitted to being behind the attack. It reportedly stole 700 GB of data, including sensitive personal and health insurance information of patients. When its demand for ransom of $10 million was not met, it exposed the data.
  • In the first half of 2022, the Ronin Network was breached by hackers who gained access to private keys used to forge fake withdrawals. The hackers hijacked 173,600 Ethereum and $25.5 million – totaling nearly $615 million in stolen funds, as reported by Bank Info Security. US authorities attributed the attack to a North Korean state-backed cybercrime operation named Lazarus Group. In August 2024, Ronin Network was again targeted in a much smaller attack.

How does ACID Technologies’ solution reduce the risk of cybercrime in the financial industry and the damage it causes?

ACID Intelligence and DIP cost-effectively confront the increased risks faced by banks and other financial institutions. Clusters of robots are unleashed and sophisticated AI tools implemented to continuously monitor the dark web, deep web and a multitude of other sources and platforms, in order to detect even the earliest signs of an attack. The use of client-specific keywords in the relevant language/s yields results and valuable information that the targeted organization needs in order to prepare an effective response to the threat. Additional information allows fine-tuning the response for increased efficiency. By potentially thwarting the attack or mitigating its harmful effects, the financial institution can significantly reduce its risks of incurring heavy fines and damage to its business due to loss of client confidence.

ACID Intelligence and DIP are well-equipped to detect numerous types of cyber attacks targeting the finance and banking sector, among them:

  • Ransomware
  • Phishing
  • DDoS
  • SQL injection (SQLi)
  • Local file inclusion (LFI)
  • Cross-site scripting (XSS)
  • OGNL Java Injection
  • Credential stuffing
  • Theft of BINs (Bank Identification Numbers) and SWIFT codes

These are aimed at committing, among others:

  • Financial scams
  • Fraud
  • Opening fake accounts and lines of credit
  • Direct theft
  • Data theft
  • Extortion 

Each dollar spent on ACID’s solutions is a sound investment in your cybersecurity. It reduces your exposure to cyber threats which could be disastrous to your organization and equips you with information, often in advance of an attack, which enables you to proactively counter the threat.