TOP CYBER SECURITY THREATS TO THE FINANCIAL SECTOR

Cyber security threats like phishing, ransomware, DDoS, crypto jacking

have continued to attack the financial sectors like credit

I’m sure it’s not a surprise for you if I say, the favorite target of hackers is
the financial industry and the reason is pretty straight forward. As per a
report published by Market Expertz, cyber-attacks against financial
services increased by 70% in 2017. There is no doubt that, vast amount of
money flow in banks and other financial institution attracts cyber
criminals. That’s why, cyber-attacks cost financial services 300 times more
than any other industry.

Daniel Schulman (President and Chief Executive Officer, PayPal) once said in
an interview that, an average American business attacked by cyber criminals
amounts to 4 million in numbers per year, while a typical American financial
service is attacked 1 billion times a year. Cyber-attacks on financial services
are devastating and the threats are shockingly increasing day by day.

1. Facts on cyber-attacks in 2019 on financial services

2. Financial Sectors Attacked By Various Cyberattacks
o Credit Union
o Banks
o Insurance
o Cryptocurrency Exchange
Let’s have a look at some of the cyber-attacks in 2019 on
financial services
 On 10th of July, a phishing mail from cyber criminal took down the
payroll system of Arlington Co.
 250 GB data compromised from Brazilian financial services because
of unprotected server, reported on 22nd of July.
 Dutch Bangla Bank Limited (DBBL) lost 3 million dollars last month,
claimed to be hit by a hacker group name “Silence”.
  Huge loss of financial and personal records from Australians’ banks, as
hackers breached thousands of banks accounts.
 On 5th of Aug, Monzo told 480,000 customers to change their PINs as
they found a security breach in their system.
 European Central Bank claims that one of their websites was hacked
and that hackers have possibly stolen customer data
 A million people, figure prints and facial recognition data has been
compromised, as a major breach was found in the UK
banks’ biometrics.

After reading the above facts, you might be thinking whether or not your bank
is secure enough. Though banks and other financial services deploy major
cyber security implementations in their systems, but in some scenarios they
still fail. Every year governments and financial organization around the globe
invest millions of dollars in cyber security but the hackers still manage to
bypass those securities.

So, let’s jump into the pool of cyber-attacks in various

financial sectors to understand them from their roots.
Credit Union

Credit unions have developed a specialized and sophisticated cyber security

system, though on the other hand cybercriminals are also getting well
equipped day by day. The hackers are better organized, well financed, using
automated tools and proficient in machine learning.

Early 2019 had seen a sudden rise in phishing attacks on credit unions of the
U.S. and on 30th Jan, almost every BSA (Bank Secrecy Act) officer at various
credit unions had received a malicious mail from hackers.

Email was addressing every recipient by their names and claimed that some of
the credit union customers have suspiciously transferred money from one
account to another and for a proof hackers also attached a PDF with the email.
This entire matter disclosed, when someone analyzed that the mail body is full
of grammatical errors and those mails were sent from the IDs which were not
in the database of the credit union to begin with.

Banks

Banking malware first introduced in 2014 as Emotet, a banking trojan. The

main purpose of this malware is to sneak into your system to steal personal
information as well as credentials. In 2018, 889,452 attacks were registered
against banking malware which surprisingly hiked by 15.9% in comparison to
2017. Even today, users from India, United States, Russia, Germany, Italy,
Vietnam and China are frequently getting hit by banking malware.

DDoS (Distributed Denial-of-Service) is another huge threat to banks. On

August 28, 2018, Bank of Spain had reported that their website went offline
for a day as they struggled, with a sudden DDoS attack.

And later on, they revealed that there was no major incident of data breach.
But not all banks were that much lucky, as on 29 th Jan in the same year, 3
banks (ABN AMRO, ING and Rabobank) again suffered from DDOS attack. A
representative from ABN AMRO first revealed that they are suffering from
DDOS attack. He also mentioned that at one point security of payments and
client data was under a huge threat.

Insurance Firms

Same as other financial institutions, insurance companies are also facing cyber
threats frequently. This July, State Farm insurance notified their policyholders
that, they got hit by credential stuffing attack. This attack was disclosed when
State Farm observed much higher login attempts than usual.

Immediately after the event, state farm had reset the password for affected
accounts. Company also explained that none of the personal information of
any customer had exposed.

Anthem insurance company had suffered from a vast data breach in 2015. In

this incident, hackers had stolen all vital information like the names, date of
birth, home addresses, social security numbers and other personal
information of almost 78.8 million current and former customers, including
employees. For inquiry, FBI had approached and they verified that none of the
Anthem member’s data was sold or used in some mischief activities.

Cryptocurrency Exchange

Nowadays, cryptocurrency is on its peak and millions of people all around the
globe are investing a huge amount of money in various cryptocurrency
exchanges. Here as well, hackers have adopted a new strategy of attack known
as “crypto jacking.”
In this case, hackers looks for computer systems to install a software for
generating bitcoins and other cryptocurrencies. They will not ask you for
ransom or encrypting any data. Instead of all this, they work silently in the
background for making new cryptocurrencies on your money.

In July 2019, Bitpoint (a licensed cryptocyrrency exchange) in Japan had

experienced a loss of US 32 million dollars (3.5 billion Yen) in crypto assets in
which 2.5 billion Yen belonged to customers. This hack was primarily focused
on five cryptocurrencies: Bitcoin, Bitcoin cash, Ethereum, Litecoin and XRP.

Immediately after this incident Bitpoint had halted all trading activities which
means no one can invest or make any withdrawal.

Conclusion

Every day hackers come with a new solution to breach world class security. As
we have witnessed in the past that Ransomware hasn’t left any of the industry
by its impact.

That doom day is not so far when we again hear some devastating news about
major cyber-attack. Cyber security organizations need to dig deep and come
out with a solution to stop these events in the future.