Ransomware, supply chain and deepfakes: the main threats the financial sector must prepare for
The financial industry is constantly targeted by many threat actors, and they are constantly innovating and trying new techniques (such as deepfakes) to outwit security teams and breach an organization’s network.
On top of that, there is currently a huge demand for data and new tools on the dark web. In fact, users are constantly selling access to point-of-sale (PoS) terminals and login credentials to websites of financial services organizations.
How can financial organizations protect themselves from existing threats and combat new ones at the same time?
Today’s Threat Landscape: Ransomware and the Supply Chain
Ransomware is a threat that has been around for quite some time and is favored by many cyber criminals. Unfortunately, the use of ransomware as an attack vector has grown exponentially over the past year as data continues to gain and retain value with the expansion and reliance on the internet.
Ransomware attacks were previously limited to a single attack/extortion attempt, where hackers demanded payment in exchange for decrypting the target organization’s files that they had encrypted. To prevent victims with working backups from refusing to pay, attackers began to implement the method of double extortion, i.e. demanding payment to decrypt files and not publishing the data that they extracted.
But lately, we’ve seen threat actors go one step further: triple extortion. Ransomware gangs encrypt files, threaten to release the stolen data, then launch a DDoS attack on organization systems, leaving businesses in a state of total disruption.
In addition to ransomware, supply chain attacks have been very effective lately and are also on the increase, with the current trend seeing most of them targeting software vendors, with high profile examples including attacks against SolarWinds and Codecov.
Increase in demand on the dark web
The underground market removes barriers to entry into cybercrime and makes it incredibly easy for anyone to become a hacker. Back then, cybercriminals needed to be technically savvy to launch impactful and disruptive cyberattacks. Today, the market has become much more service-oriented with things like DDoS-as-a-service and ransomware-as-a-service readily available to unskilled cybercriminals looking for a quick win.
Another example we’ve seen rise recently is hackers offering RDP access to PoS endpoints, with some being sold for up to $5,000, allowing others to simply access an organization’s servers and perform any malicious activity of their choosing.
Additionally, there are several dedicated black market sites that have been created solely for the purpose of buying and selling dial-up credentials. Threat actors have deployed bots and installed malware on endpoints around the world to harvest credentials and sell them for $10-20 on these dedicated sites. These credentials include those of financial services websites and login portals. With a single click, hackers can access a customer’s account, make bank transfers and collect sensitive data on the site, which is then resold or used to facilitate further crimes.
The Emerging Threat
As attackers develop more techniques to put pressure on organizations, ransomware attacks will only grow in popularity, and I predict we’ll see ransomware continue to evolve to target things like mobile devices. and IoT/OT. For financial services in particular, where mobile banking is widely used, it will be of utmost importance to focus on protecting mobile devices.
Besides ransomware, the next technique we are likely to see develop is the use of deepfake technology. While not yet a trend or something we’ve seen many attacks take advantage of, there have been examples such as the recent $35 million bank robbery that suggest the technique is emerging and will be one to watch by the financial services industry.
Based on the hacker chatter we track on the dark web, we’ve seen traffic around deepfake attacks increase by 43% since 2019. Based on this, we can expect hacker interest in the technology deepfake is on the rise and will inevitably see deepfake attacks become the most used method for hackers in 2022.
Additionally, like many other cyberattack methods, we anticipate that threat actors will seek to monetize the use of deepfakes by beginning to offer deepfake-as-a-service, providing less skilled or knowledgeable hackers with the tools necessary to take advantage of these single-click attacks. of a button and a small payment.
Getting ahead of the attackers
Financial services customers frequently ask us how to anticipate ransomware attacks and avoid falling victim to them. One piece of advice I always offer is to follow the most popular attack vectors used by threat actors and align your security strategies and solutions accordingly.
In 2021, we saw a reduction in the use of RDP as an attack vector, especially used in attacks like WannaCry and NotPetya, and an increase in the number of hackers favoring spear phishing to help them launch phishing attacks. ransomware.
It is very common to see hackers move to new attack vectors following high profile attacks, as organizations tend to focus their energies on understanding that specific attack vector and therefore put in place measures to prevent hackers from using it, making their job more difficult. Unfortunately, this means organizations lag behind when it comes to defending their networks and data – once one set of security measures is in place, another threat emerges.
Cybercriminals are always on the lookout for new tools and techniques to target organizations and the financial sector is an obvious choice. To prepare for and protect against cyberattacks, banks and other financial services organizations not only need to bolster their security stack with solutions that patch the vulnerabilities we know about and that hackers exploit, but they also need to be aware of what it takes come and act accordingly.
As 2022 approaches, it will be critical that all businesses have access to intelligence that not only gives them full visibility into their environment, but also into the broader threat landscape, preparing for threats such as ransomware and supply chain attacks like the ones we’ve seen this year. Additionally, as we see deepfake technology and other attack methods grow in the financial industry and cybercriminals continue to become more service-oriented, organizations need to ensure they are armed with solutions and resources to combat “potential” threats. from the future.