Modern criminals aren’t taking outrageous risks when it comes to bank robberies, according to a new report. Instead, bank robbers have evolved into cyber-criminals, leveraging the digital world to steal from financial institutions in cyberspace.
It’s no surprise that financially motivated attackers are targeting financial institutions with banking Trojans, but the new report, Modern Bank Heists, published today by Carbon Black and Optiv, found that the malware trends are one of the reasons CISOs don’t sleep at night.
CISOs at the world’s largest financial institutions participated in a survey that found cyber-threats, including stenography, banking Trojans and lateral movement, are among the most concerning. Based on the survey results, 67% of financial institutions saw an increased number of cyber-attacks over the past 12 months. Of those surveyed, 79% said that cyber-criminals are becoming more sophisticated.
Additionally, the report noted that 26% of participants said they were targeted by destructive attacks, an increase of 160% over the course of the year. Also notable were island hopping that targets top banks around the world and a spike in wire transfer and home equity loan fraud. According to the report, “The most prevalent threats targeting the financial sector so far in 2019 are: Adload, ATRAPS, Egguard, Emotet and GenericKD.”
“As threat actors continue to grow in sophistication and determination, it is imperative now more than ever for security leaders to evaluate their digital footprint from the perspective of the enemy,” said Bill Young, vice president threat management, Optiv, said in a press release.
“By using an inside-out approach to cybersecurity – starting with risk mitigation and building out from there with strategy, infrastructure rationalization, operations optimization and ongoing measurement – we believe financial institutions can close vulnerability gaps and respond to new threats in systematic ways. The time and cost involved in adopting a comprehensive inside-out cybersecurity approach to gain an understanding of threat actor intent, and employing offensive security policies to close security gaps, is a small price to pay.”