The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organization’s network.
In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organizations all the time.
How can financial organizations protect themselves from existing threats and combat new ones at the same time?
The current threat landscape: Ransomware and the supply chain
Ransomware is a threat that has been around for a while and is favored by many cybercriminals. Unfortunately, the use of ransomware as an attack vector has grown exponentially over the past year, as data continues to gain and hold value with the expansion of, and reliance on, the internet.
Ransomware attacks used to be limited to a single attack and a single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization’s files. To prevent victims with working backups from declining to pay, the attackers began implementing the double extortion method, i.e., demanding payment both for decrypting files and for not publishing the data they have extracted.
But lately we’re seeing threat actors take it a step further: triple extortion. Ransomware gangs are encrypting files, threatening to publish the stolen data, and then launching a DDoS attack on the organization’s systems, leaving businesses in a state of total disruption.
In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise. The current trend sees most of them targeting software companies, with high-profile examples including the attacks against SolarWinds and Codecov.
Increased demand on the dark web
The underground market is removing barriers to entry into cybercrime and making it incredibly easy for anyone who wants to become a hacker. Back in the day, cybercriminals had to be technically savvy to launch impactful, disruptive cyberattacks. Now, the market has become much more service-led with things like DDoS-as-a-service and ransomware-as-a-service readily available to unskilled cybercriminals looking for a quick win.
Another example we’ve seen increase recently is hackers offering RDP access to PoS terminals, with some being sold for up to $5000, allowing others to simply go to an organization’s servers and carry out any malicious activity they like.
Furthermore, there are several dedicated black-market sites which have been set up solely for the purpose of buying and selling remote access credentials. Threat actors have deployed bots and installed malware on endpoints all over the world to harvest credentials and sell them for $10 – $20 on these dedicated sites. These credentials include those for financial services websites and login portals. With a click of a button, hackers can gain access to a customer’s account, carry out bank transfers and gather sensitive data from the site, which is then sold later or used to facilitate further crimes.
The emerging threat
As attackers develop more techniques to put pressure on organizations, ransomware attacks will only grow in popularity, and I predict we will see ransomware continuing to evolve to target things like mobile and IoT/OT devices. For financial services specifically, where mobile banking is widely utilized, a focus on protecting mobile devices will be of utmost importance.
Other than ransomware, the next technique we’re likely to see develop is the use of deepfake technology. Although not yet a trend nor something we have seen many attacks leverage, there have been examples such as the recent $35 million bank heist which suggest the technique is emerging and will be one for the financial services sector to watch.
Based on the hacker chatter that we track on the dark web, we’ve seen traffic around deepfake attacks increase by 43% since 2019. Based on this, we can expect hacker interest in deepfake technology to rise and will inevitably see deepfake attacks becoming a more utilized method for hackers in 2022.
Furthermore, like many other cyberattack methods, we predict that threat actors will look to monetize the use of deepfakes by starting to offer deepfake-as-a-service, providing less skilled or knowledgeable hackers with the tools to leverage these attacks through just the click of a button and a small payment.
Getting ahead of the attackers
Financial services customers frequently ask us how to get ahead of ransomware attacks and prevent themselves falling victim to them. One piece of advice I always offer is to track the most popular attack vectors used by the threat actors and align your security strategies and solutions accordingly.
In 2021 we saw a reduction in the use of RDP as an attack vector, most famously used in attacks like WannaCry and NotPetya, and an increase in hackers favoring spear phishing to help them launch ransomware attacks.
It’s very common to see hackers moving on to new attack vectors following well-publicized attacks, as organizations tend to focus their energies on understanding that specific attack vector and therefore put measures in place to prevent attackers using it, making their job harder. Unfortunately, this means that organizations are on the back foot when it comes to defending their networks and data – once one set of security measures is in place, another threat pops up.
Cybercriminals are always looking for new tools and techniques to target organizations with, and the finance industry is an obvious choice. To be prepared and to protect themselves from cyberattacks, banks and other financial services organizations not only need to bolster their security stack with solutions that fix the vulnerabilities we know about and are seeing hackers exploit, but they also need to make themselves aware of what’s to come and act accordingly.
As we move into 2022 it will be vital that all businesses have access to intelligence which gives them full visibility not only into their environment but also into the wider threat landscape, preparing them for threats such as ransomware and supply chain attacks like the ones we’ve seen this year. What’s more, as we see deepfake technology and other attack methods coming to the fore in the finance industry and cybercriminals continuing to be more service-led, organizations need to ensure they’re armed with solutions and resources to combat the “might be” threats of the future.