The financial services industry continues to be a prime target for cyber criminals. The opportunities available to steal payment card data, online banking accounts, compromise ATM machines using ransomware, cryptomining, and other malware, is simply too tempting. And the rate and sophistication of attacks is only getting more difficult to manage and protect against. The transitionary period many financial services organisations find themselves in while on their path to digitisation adds another layer of complexity. Especially when these organisations are trying to blend new technology with legacy systems, all while meeting evolving compliance standards.

As financial ecosystems open up, the prevalence of shared banking systems and third-party networks are exposing the financial services industry to a broader threat perimeter than ever before. And all too often, businesses aren’t equipped to deal with the attendant risks.

Catch that threat…if you can

One of Fortinet’s recent Threat Landscape Reports highlights threats targeted at various industries, including financial services. Launched in 2017, Coinhive, a cryptojacking service, focused on the Monero cryptocurrency, and had great success in the black market. However, Coinhive announced in February that it would be shutting down, in part because the value of the Monero currency crashed, on top of the introduction of an algorithm that made mining Monero slower, rendering it ineffective in today’s high stakes and speed obsessed hacking environment.

No surprise though, that cyber criminals have been quick to fill the gap by developing several new techniques to replace Coinhive, looking beyond malware and in-browser attacks.

The financial services bullseye

Due to the sensitive nature of the data that financial services organisations collect; these businesses have a bullseye on their infrastructure. Criminal gangs frequently target financial services organisations and one such criminal enterprise is known as the Silence Group. While they primarily target financial institutions in Russia and eastern Europe, the infrastructure they rely on to support their criminal activities has expanded on a more global scale, including Australia, Canada, France, Ireland, Spain, Sweden, and the United States.

They’ve also grown more sophisticated, recently employing “living off the land” tactics by leveraging pre-installed and publicly available tools such as PowerShell, that allow them to accelerate lateral movement across a network while enhancing evasiveness because they use processes the network has already identified as legitimate.

In another attack, this one a spear phishing strategy, the Silence Group managed to compromise banks to gather financial data and enable the remote withdrawal of money from ATMs, an attack known as “jackpotting.”

Another criminal team, known as Emotet, launched several new campaigns during the first few months of 2019 using information-stealing, ransomware, and banking Trojan modules.

Finding the money pot

There has been a calculated shift away from random attacks, towards more tailored ransomware. One recent example is LockerGoga, a ransomware variant that surfaced early this year. This attack requires existing access to a network either through brute force, spearphising or previous malware infection. Once installed, it modifies the user accounts on the infected system by changing their passwords and disconnecting existing users, locking them out of the system. Which enables them to take what they need and log out before detection.

However, what is clear is that highly targeted attacks, especially when combined with advance living off the land tactics, help cybercriminals evade detection, bypass security sensors, and achieve their goals with little to no recourse from their targets. For example, there is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication, but while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analysed further.

In order to defend against these sophisticated threats, financial institutions must rely on a well-rounded, integrated approach to threat intelligence and advanced behavioural and system analytics in order to identify threats and circumvent the impact of these new targeted cyberattacks.

It’s not easy, but it’s certainly possible – and it should be a priority. Because these attacks aren’t going away, in fact, the volume just keeps rising. But whether it’s protecting customers’ personal information or their savings, banks and other financial institutions have to maintain rigorous security standards. Or risk becoming tomorrow’s next headline.