The fourth modern bank heist report shows escalation
In the fourth annual Modern Bank Heists report, VMWare interviewed 126 CISOs, representing some of the world’s largest financial institutions, regarding their experiences with cybercrime campaigns. Given the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, they are facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organized nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defence.
Here are some the key findings from the report:
From heist to hostage: 38 percent of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack the digital transformation of the financial institution to attack their customers. They use brand trust (often times trust that’s been built up over hundreds of years) against the bank’s constituents by commandeering its assets.
Increased geopolitical tension and counter IR triggering destructive attacks: There’s been a 118 percent increase in destructive attacks as we see geopolitical tension play out in cyberspace. Russia, China and the U.S. underground posed the greatest concern to financial institutions. It is also worth noting that cybercriminals in the financial sector will typically only leverage destructive attacks as an escalation to burn the evidence as part of a counter incident response.
The digitization of insider trading: 51 percent of financial institutions experienced attacks targeting market strategies. This allows for the digitization of insider trading and ability to front-run the market, which aligns with the strategies of economic espionage.
Cybercriminals launch Chronos attacks: 41percent of financial institutions observed the manipulation of time stamps. This is occurring within a sector that’s incredibly dependent on time given the nature of its business. Because there’s no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is quite pernicious.
As the threat landscape evolves, so will the tactics, techniques and procedures of cybercrime cartels, as seen in the above findings.
These groups have become national assets for the nation-states who offer them protection and power. In tandem with this, we’ve seen traditional crime groups digitize over the past year as the pandemic hampered them from conducting business as usual. This has popularized the industry of services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organized crime counterparts.
So, how should the financial industry respond?
The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources.
It’s no longer a matter of if, but when “the next SolarWinds” will occur. As a result, cybersecurity must be viewed as a functionality of business versus an expense. Trust and confidence in the safety and soundness in the financial sector will depend on it.
You can access and download the full report here.