Positive Technologies, a player in proactive cybersecurity, has conducted an examination of cyber threats pertinent to the financial sector. In Q3 2023, the number of attacks on this industry doubled compared to the corresponding period in the previous year. Predominantly focusing on the least secure entities and their clientele, attackers frequently employed malware in their endeavors. The incidence of encryption malware (ransomware) in such events surged by 3.5 times. Furthermore, assailants are increasingly exploiting vulnerabilities at the network perimeter and infiltrating financial entities by targeting their supply chains. The databases and credentials stolen in these attacks are traded on cybercriminal platforms. Simultaneously, hacktivists persist in targeting financial institutions.
In the initial nine months of 2023, malware constituted the majority of attacks (35%), with encryption malware being employed in 63% of cases, a notable surge from the previous year’s 18%. Social engineering as an attack method witnessed a decline from 47% to 25%, attributed by Positive Technologies to the rise of alternative attack strategies.
Analysts observed a substantial uptick in incidents exploiting vulnerabilities at the network perimeter (32% of cases) and compromises via supply chains (22%). Open-source software featured prominently in such incidents as a channel for disseminating malicious code. In a notable case, cybercriminals established a fraudulent LinkedIn page impersonating a bank employee to make their spoofing appear legitimate. Positive Technologies anticipates a potential increase in the prevalence of such attacks due to the widespread use of open-source software in the development projects of various companies, including financial organizations.
Positive Technologies recommends that financial entities closely monitor third-party components when developing their software, scrutinizing them for potential backdoors and vulnerabilities.
Evgeny Gnedin, Head of Security Analytics at Positive Technologies, emphasized the low level of network perimeter security worldwide, as confirmed by penetration tests on financial institutions in 2023. Even a bank with a robust security system fell prey to a zero-day vulnerability, underscoring the need for financial companies to establish security systems robust enough to withstand potential severe damage from successful attacks.
Data leaks continued to be the predominant consequence of attacks, increasing from 51% to 64%. Database-related messages accounted for 42% of malicious ads on the dark web and dedicated Telegram channels, with 43% distributing files for free as a means of coercing companies into paying ransoms. Ads selling fresh data and insider services constituted 30%, with 29% of messages being from prospective database buyers. Positive Technologies attributes this high percentage to targeted attacks, which make up 98% of incidents in the financial sector.
Approximately 40% of incidents involved disruptions in financial services availability, primarily driven by ransomware attacks, which constituted 63% of successful attacks. Hacktivist attacks also led to system shutdowns, a phenomenon particularly prevalent in regions experiencing geopolitical tensions.
Artem Sychev, Advisor to CEO at Positive Technologies, highlighted hacktivists’ objective to destabilize a country’s entire financial system, creating panic among citizens. In response, financial companies are advised to fortify their cybersecurity systems to ensure high operational reliability. Sychev emphasized the necessity for a centralized approach to address growing cybersecurity challenges, including coordinated industry-level responses and the analysis of potential chains of events with fatal consequences.
To counter cyber threats, the financial sector is advised to utilize cutting-edge security tools, including solutions for monitoring cybersecurity events and detecting incidents (MaxPatrol SIEM), endpoint security systems, effective vulnerability detection and management tools (MaxPatrol VM), and fully automated, results-driven cybersecurity solutions. Additionally, the use of sandboxes offering flexible customization of virtual environments for analysis and threat detection in files and network traffic (PT Sandbox) is recommended.