Banks, Financial Industry Hit by Rising Ransomware Attacks

Source: Bloomberg | Published on March 24, 2023

Christie's ransomware

Ransomware gangs didn’t come out with any big new innovations last year, but “what 2022 lacked in innovation it made up for in volume,” according to a report by a financial services group.

In its annual outlook on cyber threats, the Financial Services Information Sharing and Analysis Center, or FS-ISAC, reported that ransomware remained the biggest concern. The increase in attacks was likely due to the proliferation of the ransomware-as-a-service model, in which hacking groups provide “affiliates” with the malware and services necessary to carry out an attack, in exchange for a share of the criminal proceeds.

The analysis of the financial services industry comes as other recent news on ransomware has been positive. Some cybersecurity experts have reported that ransomware attacks appeared to be declining — though tracking overall incidents is difficult — and that fewer companies are making extortion payments.

“It’s still keeping us quite busy,” said Teresa Walsh, FS-ISAC’s global head of intelligence. “For us anyway, ransomware has not abated.” FS-ISAC shares cyber intelligence among financial institutions around the world.

Russia’s war with Ukraine had by far the most significant impact on the cyber threat landscape for financial services, the report found. The war has spawned a surge of “hacktivist” DDoS attacks, data leakage and website takeovers by groups aligned with either Russia or Ukraine, including some that targeted financial services company.

“Financial firms in countries that Russia considers hostile have been singled out for attacks and called out by name as targets on Telegram and other hacktivist forums,” according to the report. “While the attacks have yet to cause significant impact, they are notable in their ability to temporarily disrupt major businesses and governments while also garnering media interest.”

FS-ISAC also cited business email compromise — in which criminals send an email that appears to come from a known source making a legitimate request — as a major issue for the financial services sector, with members reporting a 300% increase from 2021 to 2022. The majority of the potential attacks shared with FS-ISAC were payroll diversion requests, according to the report.

“While email is the principal attack vector for these scams, fraudster tactics, techniques and procedures have begun to increasingly include the use of other media, such as WhatsApp,” according to the report.

Walsh said companies should have processes in place so that when an employee gets an email from the chief executive officer asking for money, they can verify that it’s really that person.

FS-ISAC said the emergence of artificial intelligence tools will make detecting bogus communications and verifying identities more difficult, even as companies use them to bolster their own defenses. “The use of mis-, dis- and mal-information — potentially leveraging generative text engines to spread — will continue to sow uncertainty, both politically and in the perceived impact of hacktivist campaigns,” according to the report.