What is the most valuable kind of stolen data available to purchase on the Dark Web?
If you immediately thought of credit card information, online banking logins, and stolen account numbers, you’d be right. Financial information can sell for up to $120 per record, and that’s without even factoring in the payout when criminals leverage ransomware, engage in identity fraud, or gain a foothold deeper into an organization through an Advanced Persistent Threat (APT).
Cybercrime in finance: a growing threat
In 2021, 63% of financial institutions experienced an increase in the number of destructive cyberattacks against their organization, a 17% increase year on year. According to the Federal Reserve, cyberattacks became the foremost risk to the global financial system, leaving all financial stakeholders responsible for staying two steps ahead.
The latest attacks paint a troubling picture of an increasingly sophisticated cyberthreat landscape, where even the big players are struggling to shore up their defenses.
The latest attacks paint a troubling picture of an increasingly sophisticated cyberthreat landscape, where even the big players are struggling to shore up their defenses.
Understanding the MirrorBlast campaign
The MirrorBlast campaign is one example of a malware campaign currently targeting financial institutions. It uses a lightweight macro that comes embedded inside a MS Excel file, resulting in a low detection rate by traditional detection-based security solutions. It also uses a SharePoint and OneDrive lure, where victims are directed to a sign-in requirement, to bypass sandbox solutions.
Once a victim downloads the Excel document and clicks on Enable Macros, a JavaScript code will download and install an MSI package.
The Tactics, Techniques and Procedures (TTPs) of the MirrorBlast campaign help researchers attribute the attack to well-known Russian threat group TA505. Thus, MirrorBlast reflects the large-scale danger that today’s financial services organizations are under, both from domestic cybercriminals and nation-state attackers.
Best practices for mitigating attacks
Protecting your business against cybersecurity threats means being prepared on three fronts: people, processes and technology.
Protecting your business against cybersecurity threats means being prepared on three fronts: people, processes and technology.
When it comes to the threat represented by people, a key step to reducing risk involves educating your customers to sidestep fraud.
The threats against financial organizations are changing all the time. Before the rise of digitization, the most prominent prevention for banks would have been the guards on the doors, while today, FinTech and online banking has created the need for virtual protections and it’s much more difficult to see when infrastructure or accounts are under attack.
As a result, awareness is key, both for account holders and for employees. The most common way to attack a financial organization is still through social engineering scams such as phishing emails, vishing attacks, or even SMiShing scams that come via text message.
Explain to customers the legitimate ways that your organization would get in touch, and tell them to never give out any personal information in response to an email, an SMS, or a phone call, particularly when these engender a sense of urgency or fear. If customers are at all unsure, they should stop the communication and reach out again themselves, by entering the correct URL into the search bar, calling back to the verified number of the business, or where possible — going in-branch to speak to a representative.
The most common way to attack a financial organization is still through social engineering scams such as phishing emails, vishing attacks, or even SMiShing scams that come via text message.
Implementing Key Processes to Close Gaps
A crucial aspect of reducing risk is to think about what processes you can put in place internally to reduce the risk of cybercrime, or to act quickly if the worst occurs. Two basic examples include:
-
Multi-factor authentication - MFA ensures that customers provide at least two methods of authentication to access their account information. This could be an email verification alongside their login details, biometric scans, a one-time password (OTP) sent by text message, or a physical card reader where they can verify themselves with their ATM card. Educate on smart processes on the customer side, too — such as using strong passwords and not repeating them elsewhere.
-
Real-time monitoring - Set up policies to alert for any activities which are out of the ordinary, such as transactions that are being sent to an unusual location, first-time transactions, or a number of accounts sending small amounts of money to the same user. Block anything suspicious in real time, pending a verification from the account holder by a user-friendly method like SMS, to avoid friction if the usage is legitimate.
Deploying with a Managed Detection & Response provider - to get a security upgrade
Behind the scenes, the right technology is critical for ensuring that you retain visibility and control over your environment. Without it, you may not even be aware that your data and your customers are at risk.
However, it’s not always easy to identify. Today’s security teams are overburdened by multiple security technologies, alert fatigue, overlapping dashboards and competing priorities. They simply can’t do it alone.
By working with a Managed Detection and Response provider, financial services organizations can gain:
-
A flexible extension of your team, with active monitoring of multiple attack vectors, and real-time insight into any targeted threats against your specific assets and data with 24/7 monitoring and threat intelligence
-
Guided remediation and investigation in real time, with the help of an advanced threat hunting team that combines internal and external data including known Indicators of Compromise (IOCs), proprietary threat intel, MITRE blind spots, and anomalous behavior
-
Transparency into SOC activities, with a platform that allows for swift communication between L1, L2 and L3 SOC analysts, threat hunters, SIEM engineers, CTI analysts and more, proven to reduce risk
-
Full collaboration between experts and partners, with support from Digital Forensics and Incident Response (DFIR) teams who aid you with prioritization, root cause, response, and recovery to support faster incident response and handling
Beat the Odds
Using an MDR provider can support your financial organization in limiting the largest risk facing the industry today, and take the pressure off your security teams to always be ahead of the latest threats.
Interested in learning more? Reach out to speak to an expert.
