Cyberattacks vs. Financial Institutions: What the Cybersecurity Research Reveals
More than six in 10 financial institutions worldwide have been hit with sophisticated cyber attacks intended to take over brokerage accounts and island hop into banks, VMware said in a new report on crime syndicates evolving beyond wire transfer burglaries.
In VMware’s Modern Bank Heists 5.0 report that surveyed 130 financial sector CISOs and security leaders, the overriding conclusion is that financial institutions are increasingly imperiled by ransomware that uses new target market strategies. Indeed, 74 percent experienced at least one ransomware attack over the last year with 63 percent coughing up the demanded ransom.
The majority of financial institutions said that Russian hackers posed the greatest threat.
Once inside a financial institution, rather than seek wire transfers or to steal money, hackers look for non-public market information such as earning estimates, public offerings and major transactions, data that can be used to manipulate market value, according to the report.
Here are some additional findings:
- 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year.
- 67% of financial institutions observed the manipulation of time stamps, an attack called Chronos named after the god of time in Greek mythology. Notably, 44% of Chronos attacks targeted market positions.
- 83% are concerned with the security of cryptocurrency exchanges, where successful attacks can be immediately and directly turned into cyber cash.
- The majority of financial institutions plan to increase their budget by 20-30% this year. Top investment priorities include extended detection and response (XDR), workload security, and mobile security.
“Financial institutions now understand that today’s attackers are moving from heist to hijack, from dwell to destruction, and leaving their mark on an extremely vulnerable sector,” said Tom Kellermann, VMware head of cybersecurity strategy. “Collaboration between the cybersecurity community, government entities and the financial sector is paramount to combat these emerging, increasing threats.”