The ease-of-exploit rating has made the financial sector a cybercrime magnet for years, especially for targeted extortion attacks. The industry has fallen victim to numerous security breaches, data exfiltration hacks, DDoS attacks taking down global online operations and disrupting services, and has lost millions to malware and ransomware attacks. So what’s next?
The good news is that Shellshock attacks, which have been actively monitored for the past three years, decreased significantly in 2017, according to the IBM X-Force Threat Intelligence report, leading to a decline in attacks (18 percent) and security incidents (22 percent) that year. This doesn’t mean Shellshock attacks will go away; they will still be prevalent but not as common.
Unfortunately, hackers have sharpened their tools since 2014, when malware such as Dyre, TrickBot or Dridex went after banking services. Injection attacks, for example, almost doubled in 2017, representing 79 percent of attacks on cybercrime networks. The main attacks detected are botnet-based command injection (CMDi) local file inclusion (LFI) attacks and CMDi attacks that use coin-mining tools.
Financial malware campaigns are still as popular as ever across enterprise networks. Gozi (Ursnif) variants, Zeus, Dridex, Ramnit, Zeus Sphinx, TrickBot, QakBot, Zeus Panda, GootKit, and Qadars were the most common families detected in 2017.
“Gozi activity made up nearly one-fourth of the activity tracked, proving that organized crime is overtaking all other classes of actors in the financial malware-facilitated fraud scene,” reads the report.
For the second year in a row, the financial services industry was one of the most targeted sectors in 2017, followed by information and communications technology, manufacturing and retail.
“Since security incidents have the highest severity of the monitored event data, they are weighted accordingly when ranking,” researchers said in the report. “For this reason, although the information and communications technology industry experienced the highest number of attacks, it ranks second to financial services, which experienced nine percent more security incidents.”
The industry was warned not long ago by the US Secret Service, after the identification of a new scam that sabotaged debit cards linked to corporations. Hackers would go to any length to target enterprises and notable customers. Unpatched network vulnerabilities make it easy for them to infect internal networks with malware that withdraws money and valuable data, the most common types being phishing and credential-stealing malware or code injection to intercept transactions.
Luckily, the IBM report found, businesses in the financial services sector have made significant investments in cybersecurity and threat mitigation, because they understood the threat landscape is growing more complex. They even secure bitcoin stashes, as part of their recovery plan, to make sure ransom doesn’t catch them off guard. But hackers are also working on their methods, which has led to a growth in banking Trojans designed for consumers, such as Gozi malware that hijacks login pages to trick the customer into giving away personal information.