Attackers use hidden tunnels to steal financial data
Global financial services organizations are being targeted by sophisticated cyber attackers attempting to steal critical data, according to a new report.
The study from threat hunting company Vectra says attackers build 'hidden tunnels' masquerading as other web traffic to break into networks and access critical data and personal information. These tunnels are used to remotely control an attack and steal data while remaining largely undetected.
The report shows that while financial services firms didn't experience the same volume of breaches as other industries, they still face considerable risk as lucrative targets of attackers in search of a windfall.
"Every industry has a profile of network and user behaviors that relate to specific business models, applications and users," says Chris Morales, head of security analytics at Vectra. "Attackers will mimic and blend in with these behaviors, making them difficult to expose."
Vectra detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than in all other industries combined. There were also more than twice as many hidden data-exfiltration tunnels in financial services. Across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected for every 10,000 devices, but in financial services that number more than doubled to 23. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services.
"What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems," Morales adds. "The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data."
You can find out more in the full report available from the Vectra website.