July 31, 2019

Finance sector: a one-stop shop for attackers

F-Secure’s Cyber Threat Landscape for the Finance Sector highlights the broad range of threats facing the global finance industry

Helsinki, Finland – July 31, 2019: Thieves have been stealing money from banks since the 18th century. And while today’s thieves use cyber attacks to steal money from financial institutions, a new report from cyber security provider F-Secure shows that the range of threats facing organizations working directly and indirectly with the global finance sector goes far beyond traditional theft.

F-Secure’s Cyber Threat Landscape for the Finance Sector shows that the sophistication of adversaries targeting banks, insurance companies, asset managers and similar organizations can range from common script-kiddies to organized criminals and state-sponsored actors. And these attackers have an equally diverse set of motivations for their actions, with many seeing the finance sector as a tempting target due to its importance in national economies.

The report breaks down these motivations into three groups: data theft, data integrity and sabotage, and direct financial theft.

“This is a useful way to think about cyber threats, because it is easy to map attacker motivations across to specific businesses, and subsequently understand to what extent they apply,” says F-Secure Senior Research Analyst George Michael. “Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk, and implement appropriate mitigations.”

Data integrity and sabotage – where systems are tampered with, disrupted or destroyed – is the cyber criminals’ method of choice. Ransomware and distributed denial-of-service attacks (DDoS) are among the more popular techniques used by cyber criminals to perform these attacks.

Similar attacks have been launched by state-sponsored actors in the past. But these are less common and often linked to geopolitical provocations such as public condemnation of foreign regimes, sanctions, or outright warfare.

And while North Korea has the unique distinction of being the only nation-state believed to be responsible for acts of direct financial theft, their tactics, techniques, and procedures (TTPs) have spread to other threat actors.

According to Michael, this is part of a larger trend that involves adversaries offering their customizable malware strains or services-for-hire on the dark web, contributing to a rise in the adoption of more modern TTPs by attackers.

“North Korea has been publicly implicated in financially-motivated attacks in over 30 countries within the last three years, so this isn’t really new information,” says Michael. “But their tactics are also being used by cyber criminals, particularly against banks. This is symbolic of a wider trend that we’ve seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals.”

Other key findings and concerns highlighted in the report include:

  • State-sponsored attackers and cyber criminals steal financial data to monitor the activities of specific individuals, as well as large international deals in key industries
  • Techniques to steal funds via a range of systems, including SWIFT payment operators, inter-bank payment switch applications, and ATMs, are now accessible to many attackers
  • General developments in the threat landscape, including the use of distractive malware, supply chain compromises, and customized TTPs specific to the target, are relevant for the finance sector

According to Michael, understanding cyber threats relevant to specific organizations is crucial to being able to detect and respond to an attack when it occurs.

“Understanding the threat landscape is expensive and time-consuming,” says Michael. “If you don’t understand the threats to your business, you don’t stand a chance at defending yourself properly. Blindly throwing money at the problem doesn’t solve it either – we continue to see companies suffer from unsophisticated breaches despite having spent millions on security.”

The full report is available on F-Secure’s blog.

About F-Secure
Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations
Adam Pilkey
+358 40 637 8859
