Cybercrime trends and Financial Services
By Doros Hadjizenonos, Regional Sales Director for Fortinet in South Africa
The same concept holds true for cybercrime and the Financial Services industry. At the end of the day, regardless of who the ultimate victim of a cyberattack is, the end goal of most cyber events continues to be financial gain.
Cybercriminals increasingly target online banking and mobile apps
According to Fortinet’s Threat Landscape Report, over one-quarter of organisations experienced a mobile malware attack in Q3 of 2018, with the vast majority of those attacks targeting or originating from devices running the Android operating system.
Exploits targeting banking apps on mobile devices, for example, are a significant part of this growing threat trend that must be addressed. Compromising a mobile device not only allows attackers to steal data stored on that device, but also lets them collect personal banking information using phishing apps, intercept data moving between a user and his or her online bank, and monitor financial transactions when the user purchases goods or services online.
Additional threat trends the financial sector needs to follow
In addition to mobile threats, we have documented three additional attack strategies that financial security teams need to be paying special attention to:
1. Cryptojacking
Cryptojacking has become a gateway for other attacks. In many industries, including financial services, cryptojacking has leapfrogged ransomware as the malware of choice. While ransomware continues to be a serious concern for financial networks, the number of unique cryptojacking signatures nearly doubled in the past year, while the number of platforms compromised by cryptojacking jumped 38%.
2. Encrypted traffic
Encrypted traffic reaches a new threshold. While encrypted traffic has always been a staple of financial organisations, it now represents an unprecedented 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data and transactions, it also represents a challenge for traditional security solutions.
3. Botnets
Botnets are getting smarter. The number of days that a botnet infection was able to persist inside an organisation increased 34% during Q3, rising from 7.6 to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organisations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, protecting IoT and other devices that can’t be directly hardened, and thoroughly scrubbing a network after an attack has been detected.
Addressing the challenge
The challenge facing many financial organisations is that new digital transformation efforts have spread security resources thin, restricting visibility and fragmenting the controls of many IT teams. Addressing these latest attack vectors includes:
- Beginning your security transformation. Digital transformation requires an equivalent security transformation effort.
- Integrating automation. As the speed of threats rapidly increases, the time windows for prevention, detection, and remediation continue to shrink. Rapid response times are crucial.
- Identifying and tracking all mobile and IoT devices. One essential approach to combatting things like cryptojacking involves maintaining a comprehensive inventory of devices (especially the mobile devices of end users) through third-generation network access controls and then baselining their behaviour.
- Securing any customers that use mobile banking apps. One recent analysis found that nearly a third of businesses around the globe used a mobile device to access a corporate bank account or facilitate a corporate transaction – a trend that researchers said is “certain” to continue. To protect these customers, start by educating them about your legitimate banking applications. This includes constantly reminding them of what sorts of information you will – and won’t – ask for, such as online “password validation” or “account validation” techniques used by phishers and scammers.
In addition, some major banks have begun adding things like biometrics to their applications to protect consumers and better secure data and transactions. Organisations should regularly scan the internet for fraudulent applications, warn consumers when they are found, and apply pressure on application stores to remove them from their inventories.
Cybersecurity challenges continue to grow, and financial institutions – especially those in the midst of digital transformation efforts – are being highly targeted by cybercriminals. At the same time, they face the same challenges as other organisations, including figuring out how to inspect and secure the growing volume of encrypted traffic, battling the persistence of botnets, and addressing new malware trends such as cryptojacking.
To successfully address today’s challenges, the security teams of financial services organisations need to rethink their strategy, from automating their security hygiene measures to replacing isolated security devices with an integrated security fabric architecture that can seamlessly span the growing attack surface.