Cybercriminals in the Financial Sector: Understanding the culprits behind the keystrokes

Posted by buguroo - 07/03/2018

The digital threat environment has intensified considerably over the last five years. Hackers orchestrated approximately 1,056 data breaches worldwide in 2013, making off with more than 575 million sensitive files, according to research from the information security company SafeNet. Over the first two quarters of last year, these nefarious coders executed over 918 large-scale breaches, including seven global events, and captured nearly 2 billion pieces of personal information. Organizations in the financial services space were among the most popular targets, absorbing 14 percent of all recorded attacks. Sadly, this state of affairs is expected to worsen over the coming years - especially for banks and other financial institutions, many of which are wading into the cryptocurrency arena where hacking is rampant, the International Data Group reported.

Financial services firms must take action to protect themselves and their customers in this increasingly dangerous digital environment. In addition to implementing modern data security protections, enterprises in the financial services space should evaluate the potential attack vectors they face and gain an understanding of the cybercriminals who ultimately let them loose. While it is impossible for internal information technology personnel to completely understand the motivations of every individual armed with a computer, coding knowledge and untoward intentions, these professionals can survey common cybercriminal profiles to get a better sense of the threats they face.


Here are some of the most common types of hackers active today:

Hacktivists

These politically-driven cybercriminals have risen to prominence in recent years, leveraging their programming skills and dark web connections to disrupt operations at private or public entities they see as standing in opposition to their ideals, TechCrunch reported.

Financial services firms are common targets for hacktivists, many of whom feel these organizations have an adverse impact on the economy or perpetuate income disparity. In fact, these notions led the infamous hacking collective Anonymous to briefly shut down the Greek Central Bank in 2016, CNN reported. However, sometimes financial organizations get caught in the crossfire of hacktivists working with motivations unrelated to the industry. For example, hackers protesting dolphin hunting went after Japanese businesses across multiple sectors in 2015, executing DDoS and website defacement attacks against airports, newspapers, banks and other enterprises, according to research from NTT Security.

Cyberthieves

Hackers searching for sellable enterprise assets, personal information or actual online currency occupy this cybercrime niche, one that continues to grow with the value of intellectual property and the digitization of commerce. These cybercriminals target organizations in virtually every industry and use numerous tools to generate returns, most notably, ransomware. Detections involving this popular malware type increased by 90 percent in 2017, analysts for Malwarebytes found. Unfortunately, many of these malware attacks succeeded, leading to $5 billion in losses among affected businesses, Cybersecurity Ventures reported. Cyberthieves also target consumers directly in search of account information or credit card numbers. Albert Gonzalez is perhaps the most prominent cybercriminal to have used this methodology, The New York Times reported. After being arrested for theft in 2003, Gonzalez became an informant to the Secret Service Electronic Crimes Task Force, during which time he secretly stole credit card information for more than 180 million consumers by raiding the servers of major retailers such as 7-Eleven and Target. The hacker was sentenced to 20 years in prison for his crimes.

Gonzalez's work has inspired many others to join the ranks of the cybertheft community and go after larger targets. Russian hackers did just this in June 2017, deploying ransomware in the servers of BNP Paribas, the largest bank in France, according to Fortune. The attack, part of a multiyear campaign that also ensnared the largest oil producer in Russia, briefly paralyzed the bank's real estate division before internal IT teams could mitigate the situation. While the perpetrators did not manage to extort the financial services giant, they certainly had the opportunity and may be able to try again with more advanced hacking techniques such as an account takeover attack. In these strikes, hackers gain access to online banking accounts and execute wire transfers, Dark Reading reported.

This problem is not contained to Europe and the U.S. Organizations in Mexico's financial space - the country's most globalized industry - have experienced an uptick in DDoS attacks and strikes involving remote access Trojans, according to researchers at the Woodrow Wilson International Center For Scholars.

In addition to these attacks targeting traditional tender, banks and other financial institutions will soon have to bear the brunt of strikes designed to shake loose bitcoin and other cryptocurrencies. Financial institutions across the globe have begun facilitating bitcoin-based transactions. Most recently, European central banks began purchasing the currency, which is worth more than $10,600 per coin, according to CoinDesk.

This development has cyberthieves salivating. In fact, some have already carried out successful attacks. This past December, a hacker collective stole roughly $70 million in bitcoin from NiceHash, an international organization that supports one of the largest cryptocurrency mines in the world, CNN reported. Initial coin offerings, fundraising platforms for digital currency creators, are also popular targets among bitcoin-obsessed cyberthieves, who have fleeced ICOs for more than $400 million since 2015, according to Fortune.

Banks embracing cryptocurrencies are likely to voluntarily add themselves to this growing list and further solidify themselves as ideal marks for cyberthievery.


Inside actors

When IT administrators distribute legitimate credentials to seemingly trustworthy employees, few consider that the recipients might knowingly abuse this access for personal gain. Unfortunately, this kind of activity is becoming more common. Of the 918 breaches recorded in 2018, roughly 8 percent were initiated by malicious insiders, according to SafeNet. Additionally, the attacks from these parties often do more initial damage than those of external threats, the SANS Institute found. These cybercriminals rarely use sophisticated attack methods and instead push their system permissions to the limit in an effort to cull as much information from company servers as possible before departing to other organizations. Consequently, inside actors tend to be disgruntled employees or those leaving to join competitors.

Like most businesses, financial services firms are open to attack from insiders. In fact, these cybercriminals were behind 6 percent of the more than 900 digital strikes that affected U.S. banks in 2016, according to Verizon Wireless.

With these hackers navigating networks across the globe, organizations in the financial services space cannot afford to leave their systems unguarded. Here at buguroo we help businesses in this industry address data security gaps via cutting-edge fraud detection, bugFraud. Connect with us today to learn more about our solutions and how they can help your financial institution protect its customers and its organization.

Topics: webinjects, malware, account takeover, stolen credentials, authentication, banking Trojan