Volume 8, Issue 3
[State of the Internet]
Enemy at the Gates
Analyzing Attacks on Financial Services

Table of contents
Introduction
The threat landscape
Growing security risk
Dangers posed by newly disclosed vulnerabilities
DDoS attacks
Financial services customers in the crosshairs
Phishing trends
The road to malware
Summary
Credits
Enemy at the Gates: Volume 8, Issue 3 SOTI 1

Introduction
Financial services is among the industries that have been the heaviest hit by
cybercrime—from the heyday of the Zeus and other banking trojans to Distributed
Denial-of-Service (DDoS) attacks, modern phishing attacks, and ransomware. FinServ
is a vital sector that plays a major role not only in the lives of people, but also in the
global economy. Any disruption or downtime of financial services carries serious
implications, and the sensitive data these organizations hold can be turned into a
valuable commodity. Attackers, therefore, see FinServ as a lucrative target and levy a
wide range of attacks against them, from newly discovered zero-day vulnerabilities to
tried-and-true phishing attacks.

It’s no secret, then, that attackers are highly focused and motivated to attack the
FinServ industry. Traditionally, the Financial Services State of the Internet (SOTI) report
has picked a topic like phishing or fraud, but this time we have taken a much broader
approach and cover a number of issues affecting this often attacked industry.

This broader lens has allowed us to see the immense surge in the number of attacks on
the financial services industry, and the alarming speed at which attackers are leveraging
newly discovered zero-day vulnerabilities. Customers of FinServ aren’t spared either, with
a large portion of attackers choosing to forgo attacks on one of the most secure
industries in the world, and instead attack their consumers en masse. With this enemy
standing at the gate, it is important for FinServ security professionals to understand how
the threat landscape is shifting. Our report includes these key points:

TL;DR
- The financial services industry consistently ranks in the top three targeted verticals for web application and API, zero-day, and DDoS attacks.
- FinServ showed a 3.5x surge in web application and API attacks year over year, the highest growth of any major industry.
- Within 24 hours, the exploitation of newly discovered zero-day vulnerabilities against FinServ can reach multiple thousands of attacks per hour and peak quickly, affording little time to patch and react.
- A significant increase in Local File Inclusion (LFI) and Cross-Site Scripting (XSS) attacks demonstrates how attackers are shifting toward remote code execution (RCE) attempts that present a larger strain on the internal security network.
- Abuse of FinServ customers is rampant, with more than 80% of FinServ attackers focusing on customer accounts rather than the organizations themselves, either directly or via phishing-related activities.
- Phishing campaigns (like Kr3pto) are introducing techniques that bypass two-factor authentication (2FA) solutions using one-time password tokens or push notifications.

The threat landscape: attacks on financial services grow
The financial services vertical continues to be one of the most widely attacked industries
in the world, and the number of attacks shows signs of growing. Web application and API
attacks, in particular, are increasing at an alarming rate while also growing in complexity.
Attackers are seeking to gain a foothold in internal networks and cause disruption as a
means of pressuring organizations to pay money to prevent further damages. As a vital
sector, financial services need to be up and running. Attackers could also monetize stolen
sensitive information or gain access to customers’ accounts and steal their money.

Cybercriminals have set their sights on financial services and its customers, and as such,
we’ve seen this vertical heighten its cybersecurity awareness and increase its IT budget
for cybersecurity. Failure to safeguard their perimeter and data could result in breaches
by ransomware and other threats, and consequently, significant critical data and financial
losses. According to IBM’s Cost of a Data Breach 2022 report, data breaches against
financial services, which is considered “critical infrastructure,” have an average cost of
US$5.97 million.