High risk vulnerabilities in fintech soar over the past year
Financial services companies on the Bugcrowd platform saw a 185 percent increase over the last 12 months in Priority One (P1) submissions, the category covering the most critical vulnerabilities.
According to activity recorded on the Bugcrowd Security Knowledge Platform, high-level trends include an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.
Ransomware has overtaken personal data breaches as the threat to dominate cybersecurity news across the world in 2021. Global lockdowns and remote work caused a rush to put more assets online, which led to an increase in vulnerabilities. In turn, security buyers invested heavily to incentivize ethical hackers to find critical threats, causing P1 and P2 bugs to make up 24 percent of all valid submissions for the year.
While in the past, Advanced Persistent Threats (APTs) were defined by highly advanced tactics and clandestine operations, this approach has started to shift in 2021 toward more commonplace tactics such as 'N-day' exploits, which are attacks on known vulnerabilities. Diplomatic norms around hacking have also weakened such that nation-state attackers are now less concerned with being stealthy than in the past.
"Significantly, we've seen a democratization of such threats due to an emerging ransomware economy and a continued blurring of lines between state actors and e-Crime organizations," says Casey Ellis, founder and chief technology officer for Bugcrowd. "All of which, combined with growing and more lucrative attack surfaces, have made for a highly combustible environment. In 2022, we expect more of the same."
In the financial services and software sectors, the report reveals increased levels of ethical hacker activity; it also shows higher severity levels and larger payouts to incentivize the discoveries made by security researchers.
Accelerated digital transformations have also increased efforts to strengthen security postures, as a greater share of revenue comes from online transactions. Financial services companies needed to move quickly on this issue due to the sector's critical importance for businesses and consumers. Valid submissions rose 82 percent across the FinServ sector. In addition, researcher payouts for discoveries grew 106 percent in FinServ. In the software sector total researcher payouts grew by 73 percent, reflecting the increasing impact of validated bugs.
The full report is available from the Bugcrowd site.