The potential financial, operational, and reputational impact of ransomware make it the top threat facing financial services organisations, according to a new report from cyber security provider, F-Secure.
Phishing, exposed remote desktop protocol (RDP) ports, and the exploitation of vulnerable software, are called out as the three most common principal intrusion vectors for ransomware. The report also notes that the scale and sophistication of ransomware attacks have increased in the last two years.
And while the report forecasts that ransomware will remain a predominant threat for at least the next 12 months, it also highlights defensive strategies that can help reduce the impact of ransomware attacks.
“Financial service organisations that understand their IT estates, what opportunities they have to detect attacks, and what risks and threats are facing their industry, can prepare themselves to mitigate most of the damages caused by the kind of ransomware attacks we see today,” says F-Secure Global Head of Incident Response, Joani Green. “Detecting attacks is obviously the first step, but organisations that prepare a full plan for responding to ransomware can put a stop to these incidents in a matter of hours instead of days or weeks.”
Even though financial services organisations consider ransomware to be the top threat, the report found that supply chains and cloud security were key areas of concern. The report lists several reasons justifying organisations’ concerns with these areas but identifies the spread of capabilities from nation-state threats to cyber criminals as a common development for both.
“If you look at the threat landscape as a whole, tactics, techniques, and procedures trickle down from the highly-skilled, well-resourced nation-state attackers to professional cyber criminals. That’s why cloud security and supply chain attacks are the financial sector’s biggest concerns. Ransomware attacks are viewed by many in the sector as today’s biggest threat to operational resilience, but we can already see the signs that attacks against these other areas will become more important in the months and years ahead,” says F-Secure Head of Threat Intelligence, Callum Roxan.
Other findings discussed in the report include:
- Financial services organisations are struggling to manage vulnerabilities in their infrastructure. The exploitation of vulnerabilities is a key vector in many high-impact intrusions by both state-sponsored threat actors and cyber criminals.
- Technologies such as SWIFT, Open Banking, and ATMs present an ongoing risk to financial organisations as offensive techniques deployed against these technologies evolve. Financially motivated state-backed groups continue to conduct ATM cashouts, fraudulent abuse of compromised bank-operated SWIFT system endpoints, and cryptocurrency theft.
- Cryptocurrency related attacks have increased, making it important for central banks to secure digital currency infrastructure (particularly as they increase their cryptocurrency holdings and roll out their own digital currencies).
The full report is available for download here.