New heists turn to hijacking banks’ digital infra

Attacks against banks have evolved over the past year such that the new goal of attackers is now to hijack a financial institution’s digital infrastructure and to leverage that infrastructure against a bank’s constituents. 

According to Tom Kellermann, head of cybersecurity strategy at VMware Security Business Unit, such modern bank heists stem from the global shift to an anywhere workforce. Attacks against financial institutions more than tripled last year.

VMware, for their fourth annual Modern Bank Heists report, interviewed 126 CISOs who represent some of the world’s largest financial institutions. 

Findings show that the financial sector is facing an onslaught of sophisticated cybercrime conspiracies involving cybercrime cartels.

“Excluding SolarWinds, 38% of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation,” said Kellermann. “Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack the digital transformation of the financial institution to attack their customers.”

Island hopping occurs when an organization’s information supply chain is commandeered to attack the institution from within its “trusted” supply chain.

Results also revealed that there has been a 118% increase in destructive attacks as we see geopolitical tension play out in cyberspace. Cybercriminals are also starting to “burn the evidence” after a successful attack.

More than half (51%) of financial institutions experienced attacks targeting market strategies. This is economic espionage — the digitization of insider trading and front-running the market. 

More than two-fifths (41%) of financial institutions experienced an increase in brokerage account takeovers. This means attackers can gather intel and make financial bets that give them the capability to massively influence markets.

Further, 57% of financial institutions saw an increase in wire transfer fraud. Whether through MITM (man-in-the-middle), malicious insiders or phishing, attackers are committing wire transfer fraud because it’s hard to follow the money trail once the transfer is complete.

To respond to this latest development, VMware suggests that financial firms conduct weekly threat hunting and normalize it as a best practice to fuel threat intelligence. 

Also, they should integrate their network detection and response with their endpoint protection platforms, apply “just in time” administration, and deploy workload security.

“The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO,” said Kellermann. “This year 2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources.”