As the world shifted to an anywhere workforce over the past year and the financial services industry moved from the bank branch to the browser, attacker strategy evolved to become much more destructive and sophisticated than ever before.
We’ve witnessed the modern bank heist escalate to a hostage situation, with the new goal of attackers being to hijack a financial institution’s digital infrastructure and to leverage it against a bank’s constituents.
The financial sector is known for its robust security postures and fraud prevention practices. But today’s cybercrime cartels have banded together to form an increasingly sophisticated and destructive force against the financial industry.
I recently interviewed 126 CISOs from some of the world’s largest financial institutions in the fourth edition of my annual Modern Bank Heists report to understand how the attackers’ offense should inform the financial sector’s defense.
Island-hopping as preferred attack method
Island hopping has emerged as the attack mode of choice for cybercriminals this year. Island hopping is a method wherein an organization’s information supply chain is commandeered so that the institution is attacked from within its own trusted supply chain.
We saw how treacherous island hopping could be with the massive SolarWinds hack in December. Financial institutions are not immune to this trending attack method either – 38 percent of financial institutions have experienced an increase in island hopping.
The cybercrime cartels have done their due diligence. They understand the interdependencies of the financial sector, studying which managed service provider a bank uses and who their outside general counsel is.
Instead of focusing directly on the financial institutions, the cybercriminals are finding success by attacking their third-party service providers to then island hop into the bank. Once a financial institution is compromised, they can then use its legacy and trusted reputation to target its constituents.
Governments in Asia are acknowledging the growing threat of supply chain attacks and have started to take action. The Monetary Authority of Singapore (MAS) announced a new set of central banking rules in January for all financial services and e-payment firms to manage the massive risk exposure that financial institutions now face across their varied vendors.
This is a critical step towards defending against cybercriminals and serves as a wake-up call for financial institutions whose digital infrastructure could be leveraged to attack unsuspecting customers and partners.
Zeroing in on the financial market
Beyond the ecosystem of customers and partners, cybercriminals have also set their sights on financial markets at large. 51 percent of financial institutions are experiencing attacks targeting their most valuable assets – non-public market information and strategies. This intel is being utilized for market manipulation, which holds massive potential payoff for cybercrime cartels.
This tactic is economic espionage. By targeting market strategies, cybercriminals are digitizing insider trading and gaining the ability to front-run the market. This is an evolution that the World Bank predicted more than 15 years ago, but it is better late than never to take precautionary measures. Regulators should urgently mandate that financial institutions report any occurrence of these incidents.
Chronos attacks, which involve the manipulation of time stamps, are also increasing, with 41 percent of financial institutions observing this manner of attack. In a sector highly dependent on the accuracy of timekeeping, Chronos attacks are highly disruptive, given that financial institutions have no way to protect the integrity of a time stamp once it has been applied. Attacks in this fashion could be used to alter the value of capital or trades.
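As an added illustration, not taken from the report, one detection check a financial institution can run against time stamp manipulation: compare each record's application-reported time stamp with the time a separately synchronised ingest clock observed the record, and flag records whose skew exceeds a tolerance or whose reported time runs backwards. The record layout, the existence of a trusted ingest clock and the 5-second tolerance are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample ledger (not real trade data). "reported" is the time stamp
# the trading application wrote; "observed" is when an assumed trusted,
# independently synchronised ingest host saw the record arrive.
SAMPLE_RECORDS = [
    {"id": "T1", "reported": "2021-03-01T14:00:00.000+00:00", "observed": "2021-03-01T14:00:00.120+00:00"},
    {"id": "T2", "reported": "2021-03-01T14:00:01.000+00:00", "observed": "2021-03-01T14:00:01.090+00:00"},
    # T3 claims to have happened before T2 although it arrived after T2.
    {"id": "T3", "reported": "2021-03-01T13:59:58.000+00:00", "observed": "2021-03-01T14:00:02.050+00:00"},
    # T4 is stamped 90 seconds ahead of the trusted clock.
    {"id": "T4", "reported": "2021-03-01T14:01:33.000+00:00", "observed": "2021-03-01T14:00:03.000+00:00"},
    {"id": "T5", "reported": "2021-03-01T14:00:04.000+00:00", "observed": "2021-03-01T14:00:04.070+00:00"},
]


def find_timestamp_anomalies(records, max_skew=timedelta(seconds=5)):
    """Return a list of (record id, reason) for records whose reported time
    stamp is inconsistent with the trusted observation clock.

    Two checks are applied: the reported time must lie within max_skew of the
    observed time, and it must not run backwards relative to the last record
    that passed both checks (so one bad record does not taint its successors).
    """
    findings = []
    last_good_reported = None
    for rec in records:
        reported = datetime.fromisoformat(rec["reported"])
        observed = datetime.fromisoformat(rec["observed"])
        reasons = []
        skew = reported - observed
        if abs(skew) > max_skew:
            reasons.append(f"skew {skew.total_seconds():+.3f}s exceeds tolerance")
        if last_good_reported is not None and reported < last_good_reported:
            reasons.append("reported time runs backwards relative to prior record")
        if reasons:
            findings.extend((rec["id"], r) for r in reasons)
        else:
            last_good_reported = reported
    return findings


if __name__ == "__main__":
    for rec_id, reason in find_timestamp_anomalies(SAMPLE_RECORDS):
        print(f"{rec_id}: {reason}")
```

In practice the "observed" clock must come from a host the application cannot write to, otherwise an attacker who can alter one stamp can alter both.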
Fortifying the financial sector
The game has changed, and so must the financial sector’s security strategy. How can the financial sector arm itself against these sophisticated attacks? A start would be to empower the right people.
With three in four CISOs in the financial industry still reporting to the chief information officer, the leaders of this fight do not yet have the authority and resources to build up the defense. CISOs need a well-deserved virtual corner office with a direct line of access to the CEO to ensure the trust and safety of the financial industry.
Weekly threat hunting is also a necessity and must be normalized as a best practice to fuel threat intelligence. Though 48 percent of CISOs already conduct weekly threat hunts, weekly hunting must be treated as a hygiene factor in maintaining the integrity of our financial institutions.
Forrester predicted that cybersecurity concerns will dominate the agendas of businesses and governments this year. With “the next SolarWinds” a matter of when, not if, this rings truer than ever. Cybersecurity must be viewed not as an expense, but as a function of the business. Trust and confidence in the safety and soundness of the financial sector depend on it.
Tom Kellermann is Head of Cybersecurity Strategy at VMware Security Business Unit