The sophistication of cyber-adversaries targeting banks, insurance companies, assets managers and similar finance firms can range from common script-kiddies to organised criminals and state-sponsored actors. And these attackers have an equally diverse set of motivations, as many see the finance sector as a tempting target due to its importance in national economies, according to a report by a cyber-security company.
The report breaks down these motivations into three groups: data theft, data integrity and sabotage, and direct financial theft. F-Secure Senior Research Analyst George Michael says: “This is a useful way to think about cyber threats, because it is easy to map attacker motivations across to specific businesses, and subsequently understand to what extent they apply. Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations.”
Data integrity and sabotage – where systems are tampered with, disrupted or destroyed – is the cyber criminals’ method of choice, according to the report. Ransomware and distributed denial-of-service attacks (DDoS) are among the more popular techniques used by cyber criminals to perform these attacks.
Similar attacks have been launched by state-sponsored actors. But these are less common and often linked to geopolitical provocations such as public condemnation of foreign regimes, sanctions, or outright warfare. And while North Korea has the unique distinction of being the only nation-state believed to be responsible for acts of direct financial theft, their tactics, techniques, and procedures (TTPs) have spread to other threat actors, the report suggests.
According to Michael, this is part of larger trend that involves adversaries offering their customisable malware strains or services-for-hire on the dark web, contributing to a rise in the adoption of more modern TTPs by attackers. “North Korea has been publicly implicated in financially-motivated attacks in over 30 countries within the last three years, so this isn’t really new information,” says Michael, “But their tactics are also being used by cyber criminals, particularly against banks. This is symbolic of a wider trend that we’ve seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals.”
Other findings include:
State-sponsored attackers and cyber criminals steal financial data to monitor the activities of specific individuals, as well as large international deals in key industries;
Techniques to steal funds via a range of systems, including SWIFT payment operators, inter-bank payment switch applications, and ATMs, are now accessible to many attackers; and
General developments in the threat landscape, including the use of distractive malware, supply chain compromises, and customised TTPs specific to the target, are relevant for the finance sector.
Michael adds: “Understanding the threat landscape is expensive and time-consuming. If you don’t understand the threats to your business, you don’t stand a chance at defending yourself properly. Blindly throwing money at the problem doesn’t solve it either – we continue to see companies suffer from unsophisticated breaches despite having spent millions on security.”
The full report is on F-Secure’s blog.
