While nearly every business is a potential victim of cybercrime, cyber threat actors typically select victims based on two criteria: maximum revenue and maximum impact. Financial institutions such as banks and financial services are prime targets for cybercriminals because they meet both criteria. Organizations in the financial industry electronically store important and valuable data, from credit card and deposit information to estates, wills, title and other sensitive data, and often process trillions of dollars in data. Additionally, their ongoing digital transformation efforts, tough regulatory environment, and complex supply chain ecosystem are increasing the opportunities for cybercriminals to obtain and monetize this data.
The BCG report shows that financial services are 300 times more likely to be victims of cyberattacks than other organizations. Here are a few recent financial system attacks:
On April 17, 2022, decentralized finance platform Beanstalk Farms lost $180 million in a cryptocurrency heist. An attacker takes out a loan large enough to gain enough voting power to make the necessary governance changes to transfer all of Beanstalk's reserves. The price per bean has since plummeted to near zero before recovering to around $1.
On April 11, 2022, researchers reported on Fakecalls, a banking trojan capable of "talking" to victims and posing as bank employees. Fakecalls mimics the mobile app of a popular South Korean bank. The Trojan attempts to gain access to the victim's contacts, microphone, camera, location, and call handling, and the attacker attempts to obtain payment data or confidential information from the victim.
On February 28, 2022, the Moscow Stock Exchange and Russia's largest bank, Sberbank, suffered a DDoS attack that took their websites offline. The Ukrainian IT Army claims the incidents were carried out by a crowdsourced hacking community created by the Ukrainian government.
Financial services are at the heart of the global economy, and it is safe to say that cybercrime is a major risk to the banking system. Cybersecurity has become an important investment in the financial sector. In 2019, JPMorgan Chase CEO Jamie Dimon said, "Cyber-attacks are probably the biggest threat to the U.S. financial system." That could be the reason JPMorgan spends nearly $600 million a year to bolster its cyber defenses and face the constant attack". An Accenture study found that the average annual cost to financial services firms associated with a data breach has increased to $18.5 million.
Financial services today are completely reliant on computer systems. Although they started digitizing very early, today, many information systems are outdated. In fact, many security incidents are related to poorly tuned tools. In some cases, no software patches were installed at all.
ImmuniWeb researched external web applications, APIs and mobile applications for the S&P Global List, which mentions the world's largest financial institutions from 22 countries. 91% of mobile banking applications were found to contain at least one medium-risk security vulnerability. One thing to keep in mind for these companies is that information systems in the financial sector often rely on multiple decentralized systems within large, widely interconnected swarms – which increases cyber risk. These factors make financial services a very lucrative target.
Continuous digital transformation and innovation, and complex supply chain ecology are the main challenges facing the financial system. Most financial institutions rely on third-party service providers to complete their digital operations, and third-party service providers can also be the weak link in the cybersecurity chain. Threat actors are increasingly targeting software vendors and then delivering malicious code to customers in the supply chain through downloads or updates of seemingly legitimate products. These attacks compromise software distribution systems and allow threat actors to gain access to the vendor's customer's network.
Our Reactor engine can detect vulnerabilities in mobile banking applications, analyze the access sources of network information in the applications, and output supply chain analysis reports for the financial system. For the executable program running in the system, the vulnerability has been disclosed through the file fingerprint information, and the possible vulnerable code can be analyzed through disassembly and decompilation, and through the self-developed BinQL vulnerability finder.
