Top Cyber Threats Faced by Banks

By Darren Williams, CEO and Founder, BlackFog

The financial sector has been a frequent target of sophisticated cyberattacks in recent years with banks being the most common victims. Last year, almost 47% of all financial data breaches were targeted at banking organisations. This influx of threats was evidently a result of increased digital banking and cashless transactions. According to Gartner, almost 70% of banks globally accelerated their digital business initiatives since the pandemic and cyberattacks targeting banks have almost surged by 238% during this time.

As banking institutes shift to digital landscapes incorporating multi-layered solutions like SaaS, PaaS, and IaaS platforms, they often leave behind unknown vulnerabilities allowing threat actors to widely access valuable financial assets. Data exfiltration remains the primary motive behind the majority of such attacks, as the banking sector is considered a critical hub for sensitive personal and financial information. Extracting data from banking servers often means that cybercriminals can gain access to vital information such as credit card details, investment data, user credentials, and other valuable assets.

Therefore, it is critical that banking institutes keep tabs on the major threats targeting their security infrastructure and incorporate proactive solutions that can potentially strengthen their defensive cyber capabilities.

Data exfiltration remains the lead attack vector

Data exfiltration is the primary driver behind 83% of all sophisticated attacks targeting the banking sector such as ransomware, phishing, zero-day attacks, and malware injections. In the simplest essence, data exfiltration refers to the act of carrying out unauthorised data transfer from enterprise servers and network systems.

As security tools and information systems have evolved rapidly in the last few years, so have the illicit resources and threat delivery mechanisms of cybercriminals. Threat actors have developed capabilities to initiate data exfiltration by exploiting vulnerabilities occurring from the complexity of enterprise security environments and incompatible enterprise management tools. Fileless malware attacks and phishing are two of the most common methods for carrying out data exfiltration.

Unlike most malware attacks that require users to download or install the malicious software, fileless malware attacks exploit the native tools built into the user systems. The attack is delivered through malicious codes, which are injected into running system processes like JavaScript or Windows Registry. Because such attacks use script-based techniques, they are harder to detect by conventional security tools.

Phishing attacks are also one of the most common cyber threats facing the banking industry. While the core mechanism of phishing has remained the same, threat actors are continuously enhancing their tactics by using advanced phishing kits to disguise malicious emails and content. Phishing is a concerning threat for banks as sensitive data can be compromised from both ends of the service line, whether its employees or customers.

The fast-paced nature of digital communication in this era creates the perfect opportunity for threat actors to disguise themselves as credible banking organisations and trick consumers into leaking their sensitive information. For example, a consumer might see an email from their bank with a link apparently trying to show their latest statements. By clicking that link providing their credentials, consumers are transferring all of their financial information and assets to the threat actors. The simplicity of phishing methods coupled with the advanced malicious kits available on the dark web makes such attacks very dangerous for the banking industry.

Banking organisations are also very susceptible to brute force password attacks. While almost every financial organisation has enforced strict password policies as part of the cybersecurity practice, employees often fail to adhere to such rules. In fact, over 60% of users reuse the same password for multiple accounts. So, compromising a single account can lead to large-scale exploitation. Furthermore, many organisations are still following the eight-character password rule for their employees, even though such passwords can be cracked in less than an hour using advanced malicious tools.

The critical risk of Ransomware

The increasing frequency of ransomware attacks also poses a significant threat to financial services. Banking services are vital for economic infrastructure, as well as the daily livelihood of consumers and businesses. When ransomware attacks disrupt such services, it poses a critical threat to the industry as well as society. That’s why in such attacks, organisations are often forced to pay hefty ransoms.

Ransomware groups attain access to critical organisation systems, often by exploiting outdated software endpoints and legacy systems or leaked credentials. This allows the threat actors to exfiltrate key data while restricting user access to critical applications or systems. Using this tactic, ransomware groups craft extortion schemes for the stolen data, often resulting in large-scale ransom pay-offs. Given the significance and value of banking services, such disruptive tactics can lead to critical consequences for the banking industry.

The problem with detection-based endpoint solutions

With this growing threat of sophisticated cyber risks, banks need to incorporate solutions that can provide visibility over all impending threats, instead of waiting for threats to come under the detection radar. Current endpoint solutions can mitigate the risks from known threats, but they are not efficient in stopping data exfiltration resulting from unknown and novel vulnerabilities.

Most endpoint solutions rely on actions taken by authorised user accounts, such as security admins. This is a problematic approach when it comes to larger workforces. Employee mistakes and credential theft are among the most common causes of data exfiltration. While endpoint solutions might be able to report and detect these incidents, security teams often fail to respond and take remediation actions in time because of the sheer volume of alerts. That’s why we still see data exfiltration even with the most highly advanced AI-based endpoint solutions.

Transitioning to an anti-data exfiltration approach

To address these growing threats of sophisticated cyber attacks, banking organisations need an urgent shift towards ADX (anti data exfiltration) technology. Instead of relying on detection like traditional EDR solutions, ADX monitors the outbound traffic of a network and restricts data from leaving the secured gateway under a specific set of conditions and policies. So, instead of focusing on inbound threats, ADX solutions simply stop valuable data from leaving the network regardless of the attack vector.

Anti-data exfiltration works by setting a profound set of rules for data exits. For example, it monitors whether the outbound data is generated by unknown traffic, or if the IP addresses are dark web protocols. It also monitors whether the data exfiltration is a result of attempted communication with command-and-control centres. If any of these conditions are present in the outbound traffic, the data is restricted from leaving the network, thus stopping data exfiltration at its roots.

ADX solutions have the capability of synchronising security responses across multiple endpoints and provide visibility to even the unknown vulnerabilities and threats. This unique approach of anti-data exfiltration can help banking and financial organisations to safeguard their valuable assets, while proactively defending against critical threats like ransomware, phishing, malware injections, and password-based attacks.