The coronavirus pandemic has ignited a proliferation of attempts to damage, disrupt, or gain unauthorised access to the computer systems of banks and other financial institutions.
The attacks are highly sophisticated, as criminals use cutting-edge knowledge and state-of-the-art equipment.
“Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities,” said the authors of a new survey by the California-based tech company VMware.
Over 82% of surveyed financial institutions said cybercriminals have become more sophisticated, leveraging highly targeted social engineering attacks and advanced tactics, techniques and procedures (TTPs) for hiding malicious activity.
“These criminals exploit weaknesses in people, processes and technology to gain a foothold and persist in the network, enabling the ability to transfer funds and exfiltrate sensitive data,” the report said.
Ransomware attacks against the financial sector increased 9-fold from the beginning of February to the end of April 2020.
The rise of destructive attacks
Almost 80% of surveyed financial institutions reported an increase in cyber attacks over the past 12 months, a 13% increase over 2019.
About 27% of all cyber attacks in 2020 have targeted either the healthcare sector or the financial sector.
From February to April 2020, amid the COVID-19 surge, cyber attacks against the financial sector increased by 238%, according to VMware Carbon Black data.
Nearly 64% of survey respondents reported increased attempts at wire transfer fraud, a 17% increase over 2019.
“These attacks are often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly.”
Advanced cyber attacks
Highly innovative and constantly adapting cyber criminals are developing ever-more sophisticated cyber assault strategies.
The following are the most prevalent advanced techniques the survey respondents reported.
Island hopping: sneak attack
The island hopping attack gets its name from the World War 2 strategy adopted by the US military in its island campaign against Japan.
(US forces gradually and strategically seized control of smaller islands outside the mainland of the Axis power instead of tackling Japan head-on. The technique was commonly known as ‘leapfrogging’ at the time.)
In island hopping, hackers avoid directly attacking a well-defended target. Instead, they find a weaker element along the supply chain (another entity doing business with the target company).
This gives the cyber criminals information that they then leverage to attack the target organization.
The technique itself is not new, but it has taken on new forms and increased in prevalence.
Some 34% of survey respondents said they’ve encountered island hopping, where supply chains and partners are commandeered to target the primary financial institution.
Counter incident response: the waiting game
Almost 24% of respondents said they’ve encountered an attack leveraging counter-incident response.
In a counter-incident-response attack, attackers find a way of sticking around in their victim’s networks, even after being detected.
Often, these efforts take the form of evasion tactics, where attackers bring down systems such as firewalls or antivirus solutions in order to buy themselves time to achieve their real goals.
Watering-hole attack: spooking customers
Around 20% of respondents experienced a watering-hole attack during the past year.
“In these attacks, financial institution and bank regulation websites are hijacked and used to pollute visitors’ browsers. This tactic is increasing as cybercriminals recognize the implicit trust consumers have in bank brands,” the report said.
And 25% said they were targeted by destructive attacks over the past year. “Destructive attacks are rarely conducted for financial gain. Rather, these attacks are launched to be punitive by destroying data.”
Lateral movement: hide and seek
Lateral movement is a technique cyber attackers use to progressively move through a network, while avoiding detection, as they search for the key data and assets that are ultimately the target of their attack campaigns.