Attacks on financial institutions spiked by a massive 238% from the beginning of February to the end of April, as cyber-criminals took advantage of peaks in the COVID-19 news cycle, according to VMware Carbon Black.
The company’s third annual Modern Bank Heists report revealed that over a quarter (27%) of attacks so far this year have targeted either the healthcare or financial sectors.
Interestingly, rises in attack volumes seem to have coincided with major news events during the crisis, such as the first confirmed US case, the country’s first death, and the WHO declaring a pandemic. This could be because such events provide a useful lure for phishing emails.
Ransomware attacks against the financial sector increased nine-fold from the beginning of February to the end of April 2020.
Elsewhere, Emotet and Kryptik malware variants were among the most prolific, the latter used in the notorious 2015 attack on Ukrainian power grid. Aside from ransomware, the end goal is to transfer funds or exfiltrate sensitive data.
In fact, 82% of respondents claimed that attacks had become more sophisticated over the past year. Attackers have “dramatically increased” their understanding of internal policies and procedures and are aware of blind spots in incident response, the report claimed.
A third (33%) of respondents said they’d been hit by island hopping attacks via smaller supply chain partners, and a fifth (20%) had experienced a watering hole attack.
Of even greater concern is that a quarter (25%) said they’d been targeted by destructive attacks designed to cause maximum damage rather than to elicit a ransom payment.
“Over the years, bank heists have escalated to virtual hostage situations where cybercrime groups and nation-states have attempted to commandeer digital transformation efforts,” argued VMware’s head of security strategy, Tom Kellermann. “Now, as we address COVID-19’s impact on a global scale, it’s clear attackers are putting financial institutions directly in their crosshairs, according to our data.”
According to Accenture, the cost to address and contain cyber-attacks is higher for financial services than any other sector.