This marks the third edition of the Modern Bank Heists report, which takes an annual pulse of some of the financial industry’s top CISOs and security leaders. Thank you, again, for reading along and thank you to the 25 security leaders who participated in this year’s survey.
This survey offers more than just data. We use the information gleaned from this report to educate the market on how modern cybercriminals are evolving; what tactics, techniques and procedures (TTPs) are emerging; and how defenders can keep pace. Perhaps most importantly, we use the information to deliver a stronger cybersecurity platform to the market.
In this year’s survey, CISOs revealed what they’re seeing with attack prevalence and evolution. Our questions tackled topics including lateral movement, counter-incident response, island hopping and integrity attacks. The financial sector is not a new target for criminals. Of course, the bank heist has evolved significantly—from stickups to cyberspace—but the fundamental motivation behind the attacks has remained: money.
This evolution is best reflected in a conversation we recently had with Jonah Force Hill, senior cyber policy advisor and executive director of the U.S. Secret Service Cyber Investigations Advisory Board (CIAB), who told us: “This year, while virtually all sectors of the global economy fell victim to cybercrime of one kind or another, no sector was more regularly targeted than the financial sector. At an alarming rate, transnational organized crime groups are leveraging specialist providers of cybercrime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns, distributed denial of service (DDoS) attacks and business email compromise (BEC) scams. Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities. The growing availability of ready-made malware is creating opportunities for even inexperienced criminal actors to launch their own operations. When combined with a steady commercial growth of mobile devices, cloud-based data storage and services, and digital payment systems, cybercriminals today have an ever-expanding host of attack vectors to exploit. Every organization—providers of financial services, in particular—must remain vigilant in the face of these evolving threats. It is critical that organizations maintain a continuous dialogue with law enforcement to ensure a rapid response in the event of an incident.”
This year’s report combines original VMware Carbon Black threat data analysis with annual survey results featuring responses from 25 leading financial institution CISOs.
Among the key findings from the report:
Threat Data Analysis
- From the beginning of February to the end of April 2020, attacks targeting the financial sector have grown by 238%, according to VMware Carbon Black threat data.
- Ransomware attacks against the financial sector are up 9x from the beginning of February to the end of April 2020, according to VMware Carbon Black threat data.
- 27% of all cyberattacks to date in 2020 have targeted either the healthcare sector or the financial sector, according to VMware Carbon Black data.
Key Survey Results
- 80% of surveyed financial institutions reported an increase in cyberattacks over the past 12 months, a 13% increase over 2019.
- 82% of surveyed financial institutions said cybercriminals have become more sophisticated over the past 12 months.
- 64% of surveyed financial institutions reported increased attempts of wire fraud transfer over the past 12 months, a 17% increase over 2019.
- 33% of surveyed financial institutions said they’ve encountered an attack leveraging island hopping (an attack where supply chains and partners are commandeered to target the primary financial institution) over the past 12 months.
The full report, available for download here, takes a look at some of the key attack types financial institutions are encountering; how modern cybercriminals are evolving; what tactics, techniques and procedures (TTPs) are emerging; and how defenders can keep pace.