Three Cyber Threats Targeting Financial Services Companies

Cyber criminals continue to target the financial services industry to steal payment card data and online banking accounts, and to compromise ATM machines, using ransomware, cryptomining, and other malware. Defending against these attacks is made more difficult by challenges such as blending new technology with legacy systems while meeting evolving compliance standards.

A recent Fortinet Threat Landscape Report highlights threats targeting a number of industries, including financial services. Here are the three threats that stood out most in the report:

  1. Silence Group is a criminal enterprise. Although they primarily target financial institutions in Russia and eastern Europe, the infrastructure they rely on to support their criminal activities has expanded to include Australia, Canada, France, Ireland, Spain, Sweden, and the United States.

At the same time, Silence Group has grown more sophisticated. They leveraged pre-installed and publicly available tools such as PowerShell, allowing them to accelerate lateral movement across a network while enhancing evasiveness, because they use processes the network has already identified as legitimate.

In another attack, the Silence Group used a spear phishing strategy to compromise banks, gather financial data, and enable the remote withdrawal of money from ATMs, an attack known as “Jackpotting.”

  2. Another criminal team, known as Emotet, launched several new campaigns during Q1 of 2019 using information-stealing, ransomware, and banking Trojan modules. It was one of the three most-seen botnets in Latin America and the Caribbean in Q4 of 2018.

Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting private and public financial institutions around the world.

  3. Another serious development is a shift away from random attacks toward tailored attacks such as targeted ransomware. One recent example is LockerGoga, a ransomware variant that surfaced early this year.

Although these attacks, informed by research and due diligence, caused severe disruption to financial targets in Europe and the United States, researchers have pointed out that their end goal was not extortion. The motivation is still not clearly understood.

What is clear is that these highly targeted attacks, especially when combined with advanced tactics, help cybercriminals evade detection, bypass security sensors, and achieve their goals with little to no recourse from their targets.

Cyber criminals continue to modify their attack strategies to increase accuracy and achieve their primary goals. For the financial services industry, this can result in the targeting of online banking accounts, payment cards, and even ATM machines.

To defend against these sophisticated threats, financial institutions must rely on threat intelligence and advanced behavioral and system analytics to identify threats and circumvent the impact of these new targeted cyberattacks.

By Anthony Giandomenico, Senior Security Strategist at Fortinet