Financial sector faces a broad range of cyberthreats
The finance industry is a prime target for cyberattacks and a new report from F-Secure shows that it's facing a wide range of threats that go far beyond traditional theft.
Attacks targeting banks, insurance companies, asset managers and similar organizations can range from common script-kiddies to organized criminals and state-sponsored actors. And these attackers have an equally diverse set of motivations for their actions, with many seeing the finance sector as a tempting target due to its importance in national economies.
"This is a useful way to think about cyber threats, because it is easy to map attacker motivations across to specific businesses, and subsequently understand to what extent they apply," says F-Secure senior research analyst George Michael. "Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations."
Sabotage -- where systems are tampered with, disrupted or destroyed -- is the cybercriminals' attack method of choice. Ransomware and distributed denial-of-service attacks (DDoS) are among the more popular techniques used by cyber criminals to perform these attacks.
Other threats include state-sponsored attackers and cybercriminals stealing financial data to monitor the activities of specific individuals, as well as large international deals in key industries. There are also attempts to steal funds via a range of systems, including SWIFT payment operators, inter-bank payment switch applications, and ATMs, techniques which are now accessible to many attackers. More general developments in the threat landscape, including the use of distractive malware, supply chain compromises, and customized tactics, techniques, and procedures specific to the target, are relevant for the finance sector too.
"Understanding the threat landscape is expensive and time-consuming," says Michael. "If you don't understand the threats to your business, you don’t stand a chance at defending yourself properly. Blindly throwing money at the problem doesn’t solve it either -- we continue to see companies suffer from unsophisticated breaches despite having spent millions on security."
The full report is available on the F-Secure blog.