VMware, Inc. has released its fifth annual Modern Bank Heists report, which takes the pulse of the financial industry’s top CISOs and security leaders on cybercriminal cartels’ changing behavior and the financial sector’s defensive shift.
According to the report, financial institutions are facing more destructive attacks and falling victim to ransomware more often than in previous years, as sophisticated cybercrime cartels move beyond wire transfer fraud to target market strategies, take over brokerage accounts, and island hop into banks.
In the Modern Bank Heists report, 63% of financial institutions admitted experiencing an increase in destructive attacks, with cybercriminals leveraging this method as a means to burn evidence as part of a counter incident response. Furthermore, 74% had at least one ransomware attack in the previous year, with 63% paying the ransom. When asked about the nation-state actors behind these attacks, the majority of financial institutions said Russia was the most concerning, as geopolitical tensions in cyberspace continue to escalate.
The report also discovered that once cybercriminals gain access to a financial organization, they are no longer looking for wire transfers or capital, as was previously assumed. Cybercriminal cartels are now looking for non-public market data such as earnings estimates, public offerings, and significant transactions. In fact, two out of every three (66%) financial institutions were subjected to attacks aimed at market strategies. This type of modern market manipulation is similar to economic espionage and can be used to digitize insider trading.
Additional key findings from the 2022 Modern Bank Heists Report include:
- 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year. The increase represents a new era of conspiracy where hijacking the digital transformation of a financial institution via island hopping to attack its constituents has become the ultimate attack outcome.
- 67% of financial institutions observed the manipulation of time stamps, an attack called Chronos, named after the god of time in Greek mythology. Notably, 44% of Chronos attacks targeted market positions.
- 83% are concerned with the security of cryptocurrency exchanges. The advantage for cybercriminals of targeting cryptocurrency exchanges is that successful attacks can be immediately and directly turned into cyber cash.
- The majority of financial institutions plan to increase their budget by 20-30% this year. Top investment priorities include extended detection and response (XDR), workload security, and mobile security.
“Security has become top-of-mind for business leaders amid rising geopolitical tension, an increase in destructive attacks utilizing wipers and Remote Access Tools (RATs), and a record-breaking year of Zero Day exploits. Financial institutions now understand that today’s attackers are moving from heist to hijack, from dwell to destruction, and leaving their mark on an extremely vulnerable sector. Collaboration between the cybersecurity community, government entities and the financial sector is paramount to combat these emerging, increasing threats,” said Tom Kellermann, head of cybersecurity strategy, VMware.
VMware conducted an online survey in February 2022 about evolving cybersecurity threats facing financial institutions. 130 financial sector CISOs and security leaders from around the world participated. 41% of financial institutions (FIs) are headquartered in North America, 29% in Europe, 16% in Asia-Pacific, 12% in Central and South America, and 2% in Africa. Respondents were only allowed to choose one response per question.