IT Solutions

Combatting the Growing Frequency of Ransomware Attacks on Financial Services Organizations

May 29, 2023

Understanding and Mitigating Finance-Specific Cybersecurity Risks

Cybersecurity in the financial industry is of the utmost importance as financial institutions handle sensitive and valuable personal information daily, including Social Security numbers, banking information, and confidential business knowledge. Hence, the financial industry is a prime target for cyberattacks due to the possession of this data and the potential for financial gain through fraud or theft.

Phishing emails, the unauthorized use of Remote Desktop Protocol (RDP) credentials, and brute-force attacks have become the top three ways nefarious actors penetrate financial services networks to launch ransomware demands. As ransomware’s financial demands escalate, the payoffs become addictive and nefarious groups opt to “hit the financial jackpot” more often.

First recognized as a severe threat in 2020, ransomware proliferated during the pandemic-associated work-from-home (WFH) phenomenon. As multitudes of barely protected endpoints multiplied, leading financial services providers found themselves transferring significant amounts of money to nefarious actors who held their confidential data hostage. Post-COVID, as the financial services industry’s blanket implementation of digital transformation gained speed, meeting customer demand for a comprehensive online experience created exponential growth in cybersecurity risk and vulnerabilities.

Ransomware attacks targeting financial institutions have advanced since 2020 and are significantly impacting organizations and their stakeholders. In June of 2021, the Central Pacific bank announced that it had been the target of a ransomware attack that resulted in the disruption of its online banking and other digital services (indicating inadequate cyber resilience). The threat actors used a type of malware called Ryuk ransomware to encrypt the bank’s files and demanded a ransom to be paid to restore access to the data. Despite taking immediate action to contain the attack and prevent the spread of the malware, some of Central Pacific’s systems remained offline for several days while the incident was being investigated. The incident resulted in inconvenience for the bank’s stakeholders, significant financial loss due to the ransom payment and cyberattack resolution, and extensive reputational damage and negative customer sentiment.

A disturbing new trend is also emerging: Banking’s operational response often allows additional threats to be created in real-time as cyber attackers exploit lateral vulnerabilities within the organization. This trend is particularly worrisome because, while responding, the organization often struggles to pinpoint and understand the nature of the attack and the depth of its own vulnerabilities.

Today, cyber thieves have tapped the power of artificial intelligence (AI) and self-learning malware to boost the effectiveness and velocity of cyberattacks. Current reports from cybersecurity experts across the United States, Australia, and the United Kingdom state that ransomware, the most lucrative type of cyberattack, will continue to be a significant, expensive threat to financial services organizations through the end of 2023.

Ransomware: Beachhead of Sophisticated Operations

As more financial services organizations pay ransomware demands to recover access to their systems and sensitive data, payment merely solidifies this renegade business model. The growing complexity and interconnectedness of players across the global ransomware continuum make it ever more difficult to identify who is behind the demands and who is receiving the payments.

The significant and ongoing financial gains associated with ransomware have prompted an army of unaffiliated hackers operating around the globe to formalize their operations, becoming an “attack for hire” marketplace with notoriously effective attackers offering Ransomware as a Service (RaaS). These sophisticated operations routinely use a “triple extortion” strategy to force victimized financial services organizations to pay a ransom. The three-pronged threat includes the public release of the company’s sensitive data, disruption of the organization’s Internet access, and the distribution of an attack to the victim’s shareholders, partners, and suppliers.

Ransomware attacks are rarely a “one-and-done” effort. In Eurasia, for example, ransomware groups have been known to share victimology with their peers. The Conti ransomware gang, which claims to have extorted $180 million in a single year, granted access to its victim network on the open market, enabling other ransomware groups to launch follow-up attacks of their own.

An Evolving Threat Landscape

Navigating this complex threat landscape requires that financial services operations of all sizes focus on ever-changing attack origins and approaches. Today, the most commonly encountered threats come from:

  • Ransomware – This form of malware encrypts files, rendering them and the systems that rely on them unusable. Malicious actors then demand financial payment in exchange for decryption. These attacks often target financial institutions because they possess valuable data and have a strong incentive to pay the ransom to restore access to their files. To say that ransomware attacks are on the rise is an understatement. A year-to-year comparison of these attacks for the first six months of 2021 showed a growth rate of 1,318%.
  • Government-Sponsored Attacks – Financial services companies have more to worry about than packs of international hackers; governments are getting into the attack act as well. NATO, citing the increasing frequency of digital misconduct, named cyberspace as an official warfare domain in 2016. Given ongoing geopolitical events, CISA has issued alerts addressing risks from Russian state-sponsored cyber threats and highlighted recent malicious cyber incidents suffered by public and private entities in Ukraine.
  • Third-Party Software – No financial services organization’s IT infrastructure operates independently; it includes a myriad of third-party solutions needed to support business-critical initiatives, such as digital transformation and internal and external workflows. This reliance on third-party applications creates known and unknown vulnerabilities that malicious hacking groups can leverage and exploit.
  • Phishing – A common tactic used by cybercriminals to gain access to sensitive information, such as login credentials and financial data. In the financial industry, phishing attacks are often directed at employees of financial institutions, as well as customers. These attacks typically involve the use of fraudulent emails, text messages, or websites that appear to be from a legitimate source, such as a bank or other financial institution, to trick individuals into providing sensitive information.
  • Unencrypted Data – Smaller financial institutions, many of which face limited financial resources, may bypass encryption, which greatly complicates cybersecurity protection. Data breaches in these organizations create additional risk for clients and partners whose data can be used as soon as it is captured by cyber thieves. Cyber thieves have figured out that while the financial assets at smaller financial services operations may be of less monetary value, smaller, less protected financial services organizations can be easier to penetrate and offer a gateway to clients’ and partners’ assets.
  • Bypassing MFA – Once thought to be the “Holy Grail” of data protection, multi-factor authentication (MFA) has recently taken significant hits from fraud-related attacks. Cybercriminals are using auto-dialers to intercept one-time passwords, creating “MFA fatigue” for customers and opening the way for bots to penetrate targeted accounts.

While external threats to the financial services industry take top billing in the cyber war, human error and individuals with malice toward the organization can also launch cyberattacks. Employees, especially former staff who have an axe to grind or those who have been recruited by third parties, can exploit known vulnerabilities or create new ones.

This list is not intended to be comprehensive. Cyber thieves morph their strategies and tactics frequently, making it extremely challenging for financial services organizations to keep ahead of the threats.

Financial Systems Require the Constant Diligence of a Dedicated Security Team

Cyber attackers aim AI and self-learning malware onto a larger attack surface, reaching beyond the corporation to its customers and partners to find and exploit vulnerabilities in financial services’ technology infrastructures. This larger attack surface especially comes into play during the consolidation of financial services operations such as mergers and acquisitions.

To improve their cyber resilience, financial services organizations need to broaden and expand their efforts in three key areas: data privacy, identity protection, and vulnerability management. In most financial services organizations, internal IT teams have their hands full executing business-critical digital transformation initiatives and managing the existing technology infrastructure. Most financial services organizations simply don’t have the specially trained staff or massive budget needed to keep nefarious actors at bay.

Cybersecurity requires specialized expertise that is up-to-the-minute current and a preventive eye to accurately forecast where international hackers will go next. That’s simply too much responsibility to heap on the already full agendas of internal IT staff.

However, faced with an IT cybersecurity talent shortage and an ever-changing threat landscape, financial services organizations have discovered that partnering with a Managed Services Provider (MSP) can offer the expert assistance and full-time attention to data protection they need without onboarding and managing additional staff.

What should financial services providers look for in an MSP partner?

A proven track record of cyber expertise in this preventive, high-risk game of “technology cat and mouse” is just the beginning. Even with deep cyber expertise, an all-industry MSP won’t understand the highly regulated aspects of financial services. The managed services provider you select should have a deep understanding of, and the ability to meet, the regulatory requirements that apply to financial institutions, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).

Few financial services providers have the time to educate an all-purpose MSP. Instead, look for one that already understands the language of financial services, appreciates the intricate challenge of cybersecurity in global and local financial services, and has done what your organization needs many times before.

Having a cyber partner who understands the constantly changing customer-facing dynamics of financial services, especially from a digital transformation perspective, will make your ideal MSP partner stand out from the rest. With that partner, a financial services organization can cultivate strategic risk management conversations, set cybersecurity priorities, and benefit from the cybersecurity expertise gained by working with all the other financial services organizations that have gone before.

IT Solutions, an MSP partner offering a robust array of managed IT services, has trained staff with years of experience focusing on cyber resilience for companies and organizations specializing in financial services. This focus means staying up to date on regulatory requirements and emerging challenges unique to the financial industry. To learn more, visit our dedicated resources and information page on supporting financial services organizations.
