Cyber crooks now go for the kill instead of just filching funds

Image courtesy of VMware

Financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years’ past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks. 

The fifth annual Modern Bank Heists report from VMware shows that 63% of financial institutions admitted experiencing an increase in destructive attacks, with cybercriminals leveraging this method as a means to burn evidence as part of a counter incident response. 

VMware conducted in February 2022 an online survey of 130 financial sector CISOs and security leaders from North America, Europe, Asia-Pacific, Central and South America, and Africa.

Among respondents, 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom. 

When asked about the nation-state actors behind these attacks, the majority of financial instructions stated that Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace. 

The report also found that once cybercriminals gain access into a financial organisation, they are no longer after wire transfers or access to capital as traditionally assumed. Cybercriminal cartels are now seeking nonpublic market information, such as earnings estimates, public offerings, and significant transactions. 

Two-thirds (66%) financial institutions experienced attacks that targeted market strategies. This modern market manipulation aligns with economic espionage and can be used to digitize insider trading. 

Findings also show that 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year. 

The increase represents a new era of conspiracy where hijacking the digital transformation of a financial institution via island hopping to attack its constituents has become the ultimate attack outcome.

Also, 67% of financial institutions observed the manipulation of time stamps, an attack called Chronos. Notably, 44% of Chronos attacks targeted market positions.

Further, 83% are concerned with the security of cryptocurrency exchanges. The advantage for cybercriminals of targeting cryptocurrency exchanges is that successful attacks can be immediately and directly turned into cyber cash.

In addition, the majority of financial institutions plan to increase their budget by 20-30% this year. Top investment priorities include extended detection and response (XDR), workload security, and mobile security.

“Security has become top-of-mind for business leaders amid rising geopolitical tension, an increase in destructive attacks utilising wipers and Remote Access Tools (RATs), and a record-breaking year of Zero Day exploits,” said Tom Kellermann, head of cybersecurity strategy at VMware.

“Collaboration between the cybersecurity community, government entities and the financial sector is paramount to combat these emerging, increasing threats,” said Kellermann.