Financial Crime World

Financial Sector Warned of Persistent Threats from Advanced Actors

The banking sector is facing a heightened risk of cyber attacks as advanced threat actors are likely to continue targeting its software supply chain.

New Vulnerability in Financial Defenses

According to Sekoia, financial aggregators - companies that collect and process financial data on behalf of others - have emerged as a new vulnerability in the sector’s defenses. These aggregators, which operate outside traditional banking regulations, are supported by technologies with potential vulnerabilities. In February 2023, an attack on aggregator Dexible highlighted this risk, allowing attackers to manipulate user tokens and steal sensitive data.

IMF Warns of New Risks

The International Monetary Fund (IMF) has also warned that new financial technologies can generate new risks, including poor security architecture in APIs (Application Programming Interfaces) that could lead to leaks of sensitive data.

Malware and Ransomware Pose Major Threats

Financially-oriented malware, which targets credit card information, banking credentials, and cryptocurrency wallets, has been around for years. However, the increasing number of mobile banking Trojans - up 100% in 2022 compared to the previous year - is a particular concern.

  • Spyware, designed to collect keystrokes and sensitive data, has also seen a surge in use by bank fraudsters.
  • Ransomware attacks on the financial sector have become more frequent, with requests ranging from $180,000 to $40 million.

DeFi and Blockchain Bridges Under Attack

Decentralized finance (DeFi) platforms, which rely on blockchain technology, are also vulnerable to cyber threats. Threat actors, including state-sponsored groups like Lazarus, are targeting employees of DeFi organizations to steal cryptocurrencies.

  • In 2022, blockchain company Chainalysis reported a loss of $3.8 billion due to cross-chain bridge protocols, with 64% of the losses attributed to these vulnerabilities.

Blurred Lines between Cybercrime and State-Sponsored Espionage

Attacks on the financial sector often blur the lines between cybercrime and state-sponsored espionage. Some attacks may be aimed at financial gain, while others may have strategic goals.

  • In some cases, threat actors may disguise their operations as financially-oriented when they are actually conducting cyberespionage.
  • This complexity makes it challenging to attribute attacks and requires continued vigilance from the sector.

Reducing Cyber Threat Risks

To mitigate these risks, employees of financial organizations must be educated on detecting phishing attempts and fraud. They should also have a clear reporting mechanism for suspicious activity.

  • Organizations should also prioritize supply chain security, carefully checking open-source software before deployment to prevent indirect attacks.
  • As the financial sector continues to evolve, it is crucial that companies remain proactive in addressing these threats and protecting their customers’ sensitive data.