Financial Services Cybersecurity: Mitigating Attack Surface Threats with Intelligence
The financial services industry fulfills numerous societal needs in today’s world, from allowing payments and transactions to promoting economic resilience. To enable this reliance, financial services organizations have long harvested the benefits of technology and spurred a wave of advancements capitalizing on new opportunities, from improved speed and convenience to an enhanced customer experience.
But while tremendous innovations in internet banking, mobile apps, and instant payments have made these benefits possible, they have also opened new attack vectors and potential exposures in the IT infrastructure of financial service providers and challenged their core: customer trust.
Financial services organizations across the globe must, at all times, secure customer data and maintain their confidence. Such a challenge is compounded by the stringent regulations that surround the handling of consumer data. And with the threat of massive financial, regulatory and reputational consequences hanging in the balance, fortified cybersecurity is not only a commodity; it’s a necessity.
Importance of Cybersecurity for Financial Services Organizations
It has been five years since the massive Equifax breach, which involved the loss of 148 million personal records and led to a $700 million court settlement. The Equifax breach had a wide-reaching blast radius, impacting and challenging attitudes toward cybersecurity across the global financial sector and the public. Unfortunately, the most significant lessons learned from this breach haven’t seemed to “take.”
In 2020, Christine Lagarde, President of the European Central Bank and former head of the International Monetary Fund, warned that a severe cyberattack could trigger a financial crisis. While most financial institutions plan to or are already investing heavily in cybersecurity, financial data breaches accounted for 153.3 million leaked records from January 2018 to June 2022, according to research by Comparitech.
What trends are exacerbating the current cyber risk faced by financial services providers?
The financial sector’s ongoing digital transformation and the post-pandemic increase in cloud reliance have caused the sector’s attack surface to grow exponentially, exposing organizations to increased cyber threats. The current economic turmoil has also led to a rise in malicious actors looking to steal sensitive information and sell it on the dark market, or to commit fraud and gain access to an account’s funds. And because financial services organizations work with large amounts of information about clients, partners and employees, such sensitive data makes them ideal targets for cybercriminals.
Top Cyber Threats to the Financial Industry (Updated 2023)
To better understand how the financial sector can boost its cyber resilience and keep its infrastructure and data secure, let’s examine the most perilous cyber threats currently facing financial service providers across North America, Europe, the Middle East, and Africa.
Phishing attacks often involve emails designed to appear legitimate in order to trick the user into opening a malicious link that installs malware on the recipient's computer, or into visiting a website designed to look convincing enough for the visitor to log in and divulge their credentials. This can cause severe financial and reputational damage to financial firms.
Phishing attacks are common in financial services companies. Recently, news broke that a persistent campaign has been targeting major financial institutions in French-speaking African countries over the last two years. The campaign was discovered by Check Point Research and dubbed 'DangerousSavanna.' It relied on spear phishing to infect the computers of major financial corporations’ employees and successfully affected at least three organizations.
Recent research conducted by our team highlights the increasing trend of ransomware attacks in the financial sector outside the United States. While U.S. financial institutions have effectively implemented security infrastructures to protect against ransomware, resulting in a significant reduction of these attacks, institutions in other parts of the world are experiencing a notable rise. Between April 2019 and April 2020, Recorded Future documented over 200 publicly reported ransomware attacks on banking and financial institutions outside the U.S., compared to just over 40 in the U.S. during the same period.
Ransomware is a type of malware that targets individual users or systems, encrypting a set of files on disk so that the owner can no longer access them. Access to those files can be restored after a ransom is paid.
While other cyber threats commonly aim to steal sensitive data, cyber criminals use distributed denial of service (DDoS) attacks to flood a website with traffic from various compromised devices and IPs, causing it to crash. DDoS attacks can interrupt and fully stop business operations, leading to significant financial losses. They are especially common and dangerous for financial services organizations.
In 2021, a German organization operating technology for the country’s cooperative banks, Fiducia & GAD IT, suffered a DDoS attack that impacted over 800 financial institutions. And financial services organizations across the entire EMEA region and North America are at risk of ransomware attacks as well.
A report by Radware shows that in 2021, 25% of all DDoS attacks affected the financial industry, making it the most targeted sector. This is because DDoS attacks are often used as part of a more complex attack chain, where taking down a website is merely a distraction from an even more serious action, such as a full account takeover or money laundering.
Exploitation of Vulnerabilities and Misconfigurations
Exploiting known vulnerabilities and misconfigurations is one of the most common attack vectors malicious actors use for initial access. By scanning for assets containing vulnerabilities during the first stages of an attack, attackers can target many organizations at once.
Meanwhile, exploitation of security vulnerabilities and misconfigurations has been testing financial cyber defense strategies globally. For example, who can forget the Log4j vulnerability that impacted critical infrastructure, including financial services? A recent report by the Insikt Group also reveals that TAG-71, associated with North Korean cyber espionage, has launched spoofing attacks against financial institutions in Asia and the U.S., utilizing fake domains to penetrate networks and exfiltrate sensitive data.
As mentioned, financial services organizations have taken advantage of cloud technology and achieved many digital transformation successes. This includes new digital services, the use of third-party software, platform modernization, and the deployment of new technologies. In turn, all this growth greatly extends attack surfaces across financial services organizations. Such a complex environment can make it challenging for organizations to identify, monitor, and protect each digital asset, while even a single misconfiguration can provide attackers with the initial entry point they need.
Supply Chain Attacks
Supply chain attacks are becoming more widespread and more sophisticated. The SolarWinds attack showed how a cyberattack on a single vendor could have a blast radius impacting governments and organizations worldwide.
As financial organizations increasingly use third-party vendors to host, connect, and protect a large part of their IT infrastructures, managing cyber risks in supply chains is one of the biggest security challenges for organizations everywhere. Reports show that the vast majority of Middle East and African business leaders across large organizations, including financial ones, struggle to understand the risks their digital supply chains pose. With governments imposing strict regulations on financial services, visibility and management of their third-party infrastructure are crucial to avoid damaging cyberattacks.
Key weaknesses that are often exploited
Lack of Multi-Factor Authentication in Financial Institutions
The adoption of multi-factor authentication (MFA) by financial services firms is an effective countermeasure against the predominant issue of compromised credentials. MFA adds an additional layer of security, drastically reducing the likelihood of unauthorized access. Verizon's 2023 Data Breach Investigations Report highlights that 86% of breaches involved credential theft, suggesting that financial institutions that implement MFA can better protect customer data and reduce the incidence of cyber attacks. This report underscores the critical role MFA plays in protecting online financial transactions and preserving the integrity of the financial system.
Lack of Third-Party Risk Management in Financial Services
Third-party risk management is a critical component of cybersecurity for financial services companies. As these entities increasingly rely on external vendors for various services, the risk of a security breach through a third party escalates. The Ponemon Institute's study shows that breaches involving third parties are not only becoming more common but are also more costly. It stresses the importance of financial firms conducting thorough due diligence and continuous monitoring of their vendors to safeguard against the exploitation of vulnerabilities within their supply chains.
How to Reduce Attack Surface Exposure and Mitigate Security Risks in the Financial Sector
Through digital transformation, financial institutions are more dependent on the internet than ever. Its many advancements have resulted in the proliferation of countless digital assets across financial institutions. With so many cyber threats increasingly targeting financial services and their ever-growing IT infrastructures, the ability to have a real-time, full understanding and overview of all internet-connected assets plays a key role in fortifying their security posture. Implementing a robust threat intelligence strategy enables these institutions to identify, assess, and mitigate cyber threats in a timely manner, thus significantly reducing the attack surface exposure and enhancing their ability to safeguard sensitive financial data.
In the current risk landscape, the financial sector remains an attractive target for cybercriminals due to the vast amounts of valuable data it holds and the intricate nature of financial institutions' computer systems. As such, adherence to stringent cybersecurity regulations is non-negotiable, and the deployment of comprehensive cybersecurity measures is essential. Insider threats continue to pose a significant risk, often exacerbated by malicious software that can infiltrate networks undetected. The increasing adoption of cloud computing also expands the attack surface, necessitating a more sophisticated and layered cybersecurity strategy. This strategy must account for the full spectrum of threats, from distributed denial of service (DDoS) attacks that can cripple infrastructure to sophisticated breaches that silently siphon data. Effective cybersecurity measures must be dynamic and proactive, leveraging threat intelligence to anticipate and neutralize threats, thereby safeguarding the sector's critical assets and maintaining its resilience against attacks.
Recorded Future’s Attack Surface Intelligence is a platform that allows organizations to achieve proactive attack surface monitoring and uncover any blind spots, empowering security teams to prioritize and mitigate risk across their evolving IT infrastructure.
Without a complete overview of an organization’s internet-facing assets, it’s easy to overlook a vulnerability. For instance, when a certain CVE is observed in the wild, it can be hard to discover and mitigate if you don’t know what assets need scanning. Furthermore, if a cyberattack occurs, lacking a complete inventory of all your assets can make the threat identification process much longer, leading to a more disruptive incident.
Keeping an accurate, up-to-date asset inventory is essential for any financial services organization that utilizes internet-connected resources. With 10+ years of historical data and deep context on hostnames, domains, IPs, SSL certificates, and more, Attack Surface Intelligence provides financial services companies with a straightforward way to manage their attack surface as it grows, allowing them to spot any inconsistencies that can signal risk, such as phishing domains.
Because it's imperative to fully know and understand your entire IT infrastructure, Attack Surface Intelligence’s continuous monitoring provides real-time visibility into all digital assets and their changes. As your attack surface is constantly evolving, having this continuous visibility into its state, location, and overall security rate is critical in understanding your digital footprint and the risks that could lead to a cyberattack. With continuous infrastructure monitoring, security teams can be aware of a risk as soon as it appears on an asset, providing a timely chance to accelerate remediation.
With third-party risk and supply chain attacks posing a significant threat to financial service organizations, it’s crucial to monitor and maintain an inventory of all these resources and to be able to find any exposures.
That’s why Attack Surface Intelligence’s Inventory Tab has a handy feature: Admin Panels.
Admin Panels locates administrator panels from popular technologies and software in mere seconds. This allows security teams to find exposed control panels that may be out of compliance with policies, adding unnecessary risk to your organization.
Among its many highlights, Admin Panels detects all affected IP addresses and hostnames.
Discover more in our interview with Matt Bittick from Cummins. He shares key insights in "The Art of Defending Your Attack Surface" focusing on the critical role of attack surface protection in managing admin panel risks.
While discovering assets containing risks and vulnerabilities, Attack Surface Intelligence provides contextual information to improve risk mitigation. Risk Rules uncovers the most significant weaknesses within the attack surface, making identifying and prioritizing risks easy.
Listing the key risks of digital assets and classifying them based on severity allows security teams to prioritize remediation. To mitigate common vulnerabilities and misconfigurations, Risk Rules includes deep insight into risk severity, affected hostnames, technical references found on the internet, and project metadata such as ID, title, and snapshot creation date of a CVE.
The financial services sector needs a modern, robust security solution to manage and protect their growing IT infrastructures in the wake of increased cyber threats, regulations, and consumer demand.
As threat actors continuously evolve, financial services organizations face the critical need to enhance their response capabilities against a growing threat landscape. With every data breach, the stability of financial systems is tested, and the reputation of financial companies is put on the line. In an age where financial apps and online services are ubiquitous, the protection of customer information, especially within credit card companies, becomes paramount against advanced persistent threats.
A robust cybersecurity solution is the cornerstone upon which financial organizations must build to safeguard their expansive IT infrastructures. Recorded Future’s Attack Surface Intelligence equips these institutions with the tools to proactively monitor, manage, and control critical data, ensuring the security and resilience of their financial systems.
Learn how world-class financial organizations use Attack Surface Intelligence to monitor, manage and control their critical data. Book your demo today.
This article was originally published on Jan. 17, 2023, and last updated Dec. 4, 2023.