Modern Bank Heists: Cybersecurity Threats Facing the Financial Sector

Share and earn Cybytes
Facebook Twitter LinkedIn Email

Despite investing heavily in security, financial institutions continue to experience cyber attacks at a rapid pace. Conducted primarily for the purpose of yielding illicit financial gain, cyber attacks against the financial services industry are increasing in sophistication and are often undetectable, global and instantaneous. This will be one of the themes of this year’s FS-ISAC Annual Summit, taking place in Boca Raton this week.

Click here to download the full report 

To better understand how cybercriminals remain undetected in their attacks against the financial services industry, Carbon Black recently collected responses from CISOs at 40 major financial institutions, including six of the top 10 global banks. In the report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector,  survey respondents revealed trends in lateral movement, counter incident response, integrity attacks and the most concerning threat actors financial institutions are currently facing.

Click here to download the full report 

The following outlines out key findings.

23% of respondents experienced counter incident response.

Cyber attacks have moved from burglary to home invasion over the last few years, and cybercriminals, aware that there are humans on the other end devised to detect and respond to their activities, are increasingly reacting and adapting to defenders’ response efforts. This trend will only continue unless organizations establish specific threat hunting teams. These threat hunters should employ both active measures (agents deployed to endpoints) as well as passive measures (netflow, packet capture appliances) to both anticipate and better defend their organization’s weaknesses.

Click here to download the full report 

8% of respondents experienced destructive attacks beyond ransomware. (& 90% reported being targeted by ransomware)

An overwhelming majority (90%) of CISOs responding to the survey reported experiencing some kind of attempted ransomware attack during the past year. However, what’s more concerning is that 1 in 10 respondents reported encountering destructive attacks unrelated to ransomware, and we believe these types of attacks will only increase in size as more hackers become punitive. From application attacks to fileless malware, destructive attacks enable cybercriminals to move freely and laterally within an organization’s network and often go completely overlooked until it’s too late.

Click here to download the full report 

44% of respondents were concerned with the security posture of their technology service provider (TSP).

TSPs are regularly targeted by cybercriminals, who have been slow to adopt “intrusion suppression” technologies and thus have become the weak links in the financial sectors information supply chain. Biggest weaknesses include visibility and time to detection, resulting in cybercriminals “island hopping.” To solve for these weaknesses, TSPs must shift to the cloud to enable delivery of faster, more accurate protection.

Click here to download the full report 

8% of respondents are seeing secondary command and control (C2).

Breach detection systems are being defeated as attackers continues to develop new methods to not only penetrate system defenses, but dwell a lot longer in an organization’s environment through C2. This new stage in the cyber kill chain – what we call the “maintenance stage” – give no reason for attackers to ever leave once they infiltrate an organization’s system.

Cyber defense is evolving into a high-stakes game of digital chess, and this latest report offers clear evidence that the cybersecurity challenges facing financial institutions will only worsen. Taking a more proactive approach to defense through the establishment of a threat hunting and incident response team is imperative to stopping future attacks.

The full report offers several more interesting statistics and recommendations for protecting your organization. Of note, non-malware attacks continue to make waves, with “good-use” tools leveraged for nefarious purposes.

To learn more about how financial institutions can reduce their cybersecurity risk through rapid detection and response, download the full report.  

The post Modern Bank Heists: Cybersecurity Threats Facing the Financial Sector appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?