Digital is transforming every aspect of banking—even bank robbing. And instead of a few bad actors holding up one branch, cybercrime cartels today are trying to lock up an entire financial institution for days, even weeks, while launching follow-on attacks. And they’re not easily deterred.
That’s according to the fourth edition of the Modern Bank Heists report, which annually takes the pulse of some of the financial industry’s top CISOs and security leaders worldwide.
“This year’s Modern Bank Heists report underscores the growing sophistication, tenacity, and downright cruelty of the cybercriminal underworld,” writes Jonah Force Hill, Cybersecurity Strategist at the U.S. Secret Service in the report’s opening.
“Criminal groups launched a torrent of fraud scams, ransomware attacks, and phishing campaigns, all aimed at profiting off of the unprecedented fear and anxiety caused by a once in a lifetime public health emergency,” he says.
The financial services sector is attractive to cybercriminals because success yields credentials, access to financial applications, and ultimately ransomware and other forms of payment. Each time cyber attackers penetrate an institution, they learn more which can encourage them to be more bold.
In response to questions about suspicious activity, counter incident response, island hopping—an attack on an organization that leads to it attacking its own partners or customers—and integrity attacks, these are just some of the key findings the report uncovered:
- 54% of surveyed financial institutions experienced destructive attacks, a 118% increase from 2020.
- 38% experienced an increase of island hopping.
- 51% experienced attacks that targeted market strategies.
“Cybercriminals have learned that the most valuable asset of a bank is nonpublic market information that can be used to facilitate digital insider trading and front running as observed by VMware cybersecurity strategists,” write report authors, Tom Kellermann, Head of Cybersecurity Strategy, and Rick McElroy, Principal Cybersecurity Strategist, both of the VMware Security Business Unit.
Financial Firms Boost Prevention
Because cybercriminals are evolving in attack sophistication and organization and they are increasingly led by cybercrime cartels and nation-states, situational awareness is paramount, according to the report.
“This year’s Modern Bank Heists report underscores the growing sophistication, tenacity, and downright cruelty of the cybercriminal underworld.”Jonah Force Hill, Cybersecurity Strategist, U.S. Secret Service
Eight in ten (82%) financial institutions surveyed plan to increase their budgets by 10–20%. Spending is expected to be concentrated on:
- Extended detection and response (XDR) (24%)
- Threat intelligence (23%)
- Workload security (21%)
- Container security (18%)
Defending Against Modern Bank Heists: 8 Best Practices
The report’s authors note that cybercrime escalation has turned into a virtual hostage situation for many organizations. As a result, they encourage financial services leaders to evolve how they respond. And they offer eight people, process and technology-related best practices for security teams.
Among the best practices are standing up a secondary line of secure communications and ensuring the organization has robust monitoring.
“You must monitor the situation to fully grasp the scope of the intrusion to effectively develop a means of actually removing the adversary from the environment,” write Kellermann and McElroy.
Proactive and predictive technologies can also bolster defenses. Agents, honey tokens, just-in-time administration, workload security and integrated network detection and response with endpoint protection platforms are some of the most effective solutions.
And last, but not least, is the best-practice recommendation to be proactive which includes regularly hunting threats.
Trust and confidence in the safety and soundness of the financial sector depends on banking leaders and trusted partners like VMware evolving to create greater situational awareness. For example, intrinsic security from VMware is a fundamentally different approach to securing financial organizations. It leverages infrastructure and control points in new ways across any app, any cloud, and any device, combined with threat intelligence, to shift teams from a reactive posture to a position of strength.
Where to Learn More
We’ll be talking more about the report findings and best practices during our Modern Bank Heists 4.0 webinar. Download the report for more information, and tune into the VMware podcast Don’t Break the Bank as we walk through the report’s findings and what to do next.