Cybercriminals are increasingly targeting the financial industry

Piggy bank theft

Cybercrime tends to follow the money when it comes to selecting targets, so it’s perhaps not too surprising to learn that 63 percent of financial institutions admit experiencing an increase in destructive attacks.

The latest Modern Bank Heists report from VMWare surveyed the financial industry’s top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift in the sector.

The findings show that 74 percent experienced at least one ransomware attack over the past year, with 63 percent paying the ransom. When asked about the nation-state actors behind these attacks, the majority of financial instructions state that Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace.

Interestingly the aim of attacks has shifted. Cybercriminal cartels are now seeking non-public market information, such as earnings estimates, public offerings, and significant transactions. In fact, 66 percent of financial institutions experienced attacks that targeted market strategies.

Among other findings, 67 percent of financial institutions observed the manipulation of time stamps, an attack called Chronos named after the god of time in Greek mythology. Notably, 44 percent of Chronos attacks targeted market positions. Also 83 percent are concerned with the security of cryptocurrency exchanges which are attractive to cybercriminals as successful attacks can easily and quickly be monetized.

Tom Kellermann, head of cybersecurity strategy at VMware says, “Security has become top-of-mind for business leaders amid rising geopolitical tension, an increase in destructive attacks utilizing wipers and Remote Access Tools (RATs), and a record-breaking year of Zero Day exploits. Financial institutions now understand that today’s attackers are moving from heist to hijack, from dwell to destruction, and leaving their mark on an extremely vulnerable sector. Collaboration between the cybersecurity community, government entities and the financial sector is paramount to combat these emerging, increasing threats.”

Given the level of attacks it’s not surprising to learn that the majority of financial institutions plan to increase their cybersecurity budget by 20-30 percent this year. Top investment priorities include extended detection and response (XDR), workload security, and mobile security.

You can get the full report on the VMWare site.

Image Credit: Rob Hyrons / Shutterstock

Author: Martha Meyer