Cyberthreats, regulations mount for financial industry
The cybersecurity landscape for financial institutions and finance technology (fintech) has changed dramatically in the past few years, and 2023 will likely be no different.
In 2022, for example, distributed denial-of-service (DDoS) attacks targeting financial firms increased by 22% worldwide, compared to the previous year, according to a joint report published by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Internet infrastructure firm Akamai. Financial institutions in Europe saw an even greater jump, with 73% more DDoS attacks, the report stated.
While many businesses wave aside DDoS attacks as noise on the Internet, such tactics are increasingly used as a diversion tool, especially with geopolitical tensions running high, as they have since Russia invaded Ukraine, says Teresa Walsh, global head of intelligence at the FS-ISAC.
Financial institutions need to gauge “the potential for DDoS attacks to be used as a decoy for more damaging cyber activities, such as the infiltration of systems and the installation of malware,” she says. “While DDoS attacks themselves tend to not cause large windows of downtime due to a wide array of standard defensive measures available to financial institutions, the same practices are not as readily available for DDoS used as a smokescreen.”
The increase in DDoS attacks is just one area where financial services and fintech firms face an increasing level of threats. Driven by nation-state groups taking sides in the Russia-Ukraine war, ransomware is becoming more destructive, while attacks on financial data are increasingly a problem facing all types of organizations. In addition, attackers are using cybercriminal services — such as access brokers and ransomware-as-a-service — leading to more specialized and sophisticated operations against financial institutions and cryptocurrency services.
Regulations are also changing the cybersecurity landscape for financial firms, which must now — as of May 1, 2022 — disclose cyber incidents within 36 hours to their regulators in the United States, if the incident could impact the US banking system. At the same time, the recent ransomware attack on derivative service provider ION Group and the ongoing popularity of business email compromise (BEC) schemes show the brittleness of the financial supply chain.
While financial firms have some of the best cybersecurity, attackers continue to find ways to succeed, says Tom Kellermann, senior vice president of cyber strategy at Contrast Security.
“They have invested much more than other industries in cybersecurity, they have the best technologies, and they have some of the very best people in the world,” he says. “But they’re being hunted by the most organized sophisticated cybercrime cartels in the world, coupled with intelligence services from rogue nation states who want to hack the sector — not just for the purposes of economic espionage, but to help offset economic sanctions.”
Geopolitics & Cybercriminal Specialization Spur Changes
Two major forces are changing the overall cybersecurity landscape. Russia’s invasion of Ukraine has led to a parallel cyberwar that, unlike the physical conflict, has spilled outside the boundaries of those two nations. The Russia-Ukraine conflict has led to a greater number of attackers focusing on destructive operations, in addition to stealing funds or deploying ransomware for profit.
More than half (54%) of financial firms interviewed by Contrast Security considered cyberattacks from Russia as the top threat, with a quarter naming North Korea as their top worry.
“The Russians are most concerning to these institutions because Russian cybercrime cartels are far more knowledgeable of, not only the financial sector in terms of how it operates and what is most valuable … but also the interdependencies that exist in the sector,” Kellermann says. “Which is why you’re seeing that surge of attacks against APIs and an increase in island-hopping and watering hole attacks.”
Overall, cyberattacks in the sector have become more sophisticated, with many traditionally standalone attacks now being used as part of more complex operations, with “as-a-service” models replacing some parts of the attack chain. Access brokers have become far more popular, as demonstrated by the growth of the Emotet malware-as-a-service operation, cybersecurity firm Kaspersky said in a list of cyberthreats targeting the financial services industry.
To read the complete article, visit Dark Reading.