What type of threats will financial services and banking organizations face in 2019? According to IntSights Cyber Intelligence, they should be prepared for breaches effected through compromise of established vendor software or SaaS products, and vulnerable third-party, open source software implemented in the applications they use.
Also: extortion attempts. “Regulation fines and brand reputation damage can be way more costly than downtime or lost data. Given the large fines for GDPR laws and massive data breach incidents in the US that drew attention from the Senate, we believe attackers will try to leverage a company’s fear of similar incidents,” the company explained in a recently released report.
Finally, the researchers expect more attacks mounted by lowly criminals, who are taking advantage of Cyber-Attacks-as-a-Service offerings that are getting increasingly affordable.
“For anywhere from a few hundred dollars to a few thousand dollars, you can run a massive DDoS or phishing attacks with limited knowledge of how they work,” they noted.
Current threat landscape
The industry is currently a “playground” dominated by well-established and sophisticated cybercrime groups (Money Taker, Carbanak, Cobalt) and nation-state APT groups (Lazarus Group), each of which has its preferred tools and tactics.
Over the past year, the company has seen a surge in attempts to attack banks across both existing and new vectors, including targeting major bank transfer platforms (such as SWIFT), phishing emails and phishing websites to steal credentials (targeting both customers and employees), mobile malware and fake mobile applications, ATM scamming methods, ATM and PoS (Point of Sale) attacks, DDoS campaigns and attacks against e-banking interfaces.
They also witnessed a 135% increase in bank data (financial information, bank account logins, IP addresses, domain names) offered for sale on black markets, as well as a 149% increase in stolen credit card information.
“Black markets are full of vendors that offer ‘high balance bank accounts logins’ at major banks within the USA, Europe and Asia. The cost for a single bank account login with ‘fullz’ (full name, date of birth and full address) is about $20. Some vendors will sell accounts in groups, for example, 1,000 fresh bank accounts logins can be sold for $5,000 (or $5 per account),” the researchers shared.
“In 2018, we’ve typically seen single fresh credit card information for sale starting around $20 for cards with a relatively low balance amount (e.g. $100). For cards with higher balances (e.g. $10,000) hackers can get up to $1,000 per card. A dump of 100 cards usually costs about $150 – $500 depending on the dump quality.”
Not all of the sellers peddle their stolen wares on dark web markets – some have switched to using closed groups and encrypted chat rooms on social networks and chat platforms, in an attempt to make their activities more difficult for both law enforcement and researchers to track and monitor.
IntSights advises financial companies to keep an eye on what’s happening on the dark web in order to flag and track threats specific to their organization, to leverage automation tools to go through mountains of information, to think more in terms of risk than compliance, and to invest in cyber security training.
“By training your entire organization to be aware of common hacker tactics, you can significantly strengthen one of the most common and successful attack vectors for cybercriminals,” they pointed out.