Organizations operating within the financial services industry represent an attractive target for threat actors.
Here are three types of threat facing financial services that we observed in 2016:
1. Banking Trojans
Throughout 2016, we observed the continual evolution of banking Trojans, such as TrickBot, GozNym (Figure 1) and Panda. As banking Trojans evolve, we will see them adopt increasingly complex techniques, spread to new regions, and incorporate new languages. Early detection of changes to targeting trends can help organizations to be better prepared.
Figure 1: GozNym for sale on a dark web marketplace
2. Targeted intrusions
Throughout 2016, a relatively large number of network intrusions targeting the financial services and banking sector were reported, including several major thefts. This includes attacks on the SWIFT interfaces, as well as actions by KS Group and Buhtrap. It’s no surprise we’ve seen a continuation of this activity in 2017, including a campaign against 84 financial services organizations.
3. Extortion
The arrests of key members of DD4BC in early 2016 failed to halt the trend in DDoS extortion. Actors such as Armada Collective, Kadyrovtsy and vimproducts were all credible actors in this space. Of course, understanding the veracity of threats is a challenge for organizations.
Another approach to extortion emerged through ransomware. Barely a week went by without another variant being offered or sold online. Understanding the tactics of these actors – such as delivery methods – can help organizations to better protect themselves. Indeed, spam emails, malicious attachments and exploit kits such as RIG are likely to remain viable delivery methods for ransomware in 2017. A rise in ransomware-as-a-service models will make it easier for these types of attacks to proliferate. Figure 2, for example, shows nearly 1,200 sales of a ransomware source code on a dark web marketplace.
Figure 2: Ransomware source code for sale on a dark web marketplace
Aside from DDoS extortion and ransomware, an interesting development in extortion occurred in the case of Valartis Bank in Liechtenstein, where an actor attempted to extort the customers themselves in order to diversify their revenue stream.
Of course, it’s not all about the financially motivated actors; ideological actors, such as hacktivists, can also pose a real threat.
Successful attacks can have a widespread and damaging impact on organizations and their customers. By understanding the threats and the tactics, techniques and procedures (TTPs) that security professionals in the financial services sector face, organizations can better manage their digital risk and align security strategies in 2017.