Cyber Threats Facing Financial Institutions Amid COVID-19
By Pablo Castillo, Cyber Threat Research Analyst, Constella Intelligence
COVID-19 has accelerated security research into the cybersecurity implications of our society where large swaths of the population are fully remote. With constrained budgets, many organizations have made the difficult decision to deprioritize cybersecurity and instead allocate resources to other business functions that directly impact the bottom line. However, financial institutions are increasingly the target of cyber attacks. From February to the end of April 2020, banks faced a 238% surge in attacks, according to a May 2020 report. Time is clearly running out for organizations to proactively act on cyber threat monitoring, training and awareness for their employees – especially in the financial sector.
In a hearing on this very issue back in June 2020, Financial Services Subcommittee Chairman Emanuel Cleaver (D-Mo.) noted: “In this time of suffering and hardship for so many, we are seeing criminal actors here and at home and around the world redoubling their efforts to target families, financial institutions, and even governments.” As we know, financial institutions are especially attractive to threat actors given their treasure troves of valuable data and the potential for lucrative gains. So, what exactly are the threats facing financial institutions at this time?
Phishing
Threat actors are taking advantage of victims who are susceptible during this uncertain time, with the shift in working patterns amid a lack of security discipline surrounding COVID-19 providing new entry vectors that risk their company’s assets. The increase in phishing scams this year was so stark that the American Bankers Association and nearly 1,500 banks launched #BanksNeverAskThat during National Cybersecurity Awareness Month in October.
My firm, Constella Intelligence, has identified an increase in CEO phishing cases specifically, in which the identities of CEOs were spoofed and misleading emails were directed at employees to gain access to confidential data or redirect bank transfers to malicious accounts. In terms of “cost-effective fraud,” this is the most profitable type of attack for cybercriminals, along with Business Email Compromise (BEC).
Business Email Compromise
Financial Crimes Enforcement Network (FinCEN) published an advisory this summer outlining the various ways threat actors are exploiting the pandemic and singled out BEC schemes. A nefarious actor will convince companies – including banks and lenders – to redirect payments to new accounts, “while claiming the modification is due to pandemic-related changes in business operations,” according to FinCEN. Often, these sort of scams are preventable, but it comes down to training and awareness to combat these social engineering techniques.
Exploitation of Mobile Banking
The pandemic has certainly accelerated the adoption of digital payments, and threat actors have taken notice. The Internet Crime Complaint Center (IC3) stated that mobile banking usage has surged as much as 50% since the beginning of 2020. Cyber actors exploit these platforms, namely via app-based banking trojans and fraudulent apps. The simple solution for individuals to combat these threats is to remain vigilant for suspicious activity and verify an app is legitimate before downloading.
Distributed Denial-of-Service (DDoS)
We are also seeing a significant increase in DDoS attacks on all types of institutions (health, energy, stock trading and banking). Alarmingly, DDoS attacks can freeze the operations of many customers of financial institutions. Notably, in February 2020, Amazon mitigated the largest DDoS attack ever recorded – a whopping volume of 2.3 Tbps. Cybercriminals have noticed many offices are under siege and relying on virtual IT support. Kaspersky noted that DDoS attacks dramatically increased in Q2 and with the holiday season right around the corner, the trend is likely to continue for the remainder of the year.
Maintaining an infrastructure for mitigation of DDoS attacks is costly; however, companies should consider these services are not only contracted to solve a “current” issue, but rather to be prepared for future attacks, similar to the use of antivirus software.
Increased Activity on Deep and Dark Web
In recent months, my firm has also noticed increased activity in underground markets and forums around the sale of stolen credentials, documentation and credit cards, and even tools to exploit physical devices (e.g., ATMs for carding) or communications software (e.g., “Zoom” messaging application). We also observed an increase in the volume of banking information for sale in underground communities.
Looking Ahead
Financial institutions must audit their security protocols and determine what is and isn’t working, and importantly, understand that most fraud incidents will not be isolated. Oftentimes, these attacks are harbingers of future, more sophisticated attacks that use information obtained from a previous cyber incident.
Companies can prevent attacks like money laundering, account takeover and identity theft, but the key is two-fold: take a proactive approach to security by equipping your organization with digital risk protection capabilities – monitoring, detecting and uncovering identity information found in open sources on the surface, social, deep and dark web – and training your employees. Human error is costly. Simply put, if your employees do not practice proper cyber hygiene, your organization will be more vulnerable to cybercrime. A great place to start is understanding the signs of a scam (e.g., poor grammar, unsolicited inquiries regarding financial or personal information, suspicious attachments). Threat actors are constantly evolving, especially in the wake of the pandemic, so financial institutions and their employees must keep pace.
About the Author
Pablo Castillo is a Cyber Threat Research Analyst at Constella Intelligence – a cyber intelligence company that works in partnership with some of the world’s largest organizations to safeguard what matters most and defeat digital risk. Pablo can be reached at our company website https://constellaintelligence.com/
