Sekoia: Latest in the Financial Sector Cyber Threat Landscape


A new report from French-based cybersecurity company Sekoia describes evolutions in the financial sector threat landscape. The sector is the most affected by phishing around the world and is significantly targeted by QR code phishing. The financial sector also suffers from attacks on the software supply chain and stands among the most targeted sectors affected by ransomware in 2023. An increase in attacks on Android smartphones also affects the sector, both for cybercrime and cyberespionage operations.

The phishing threat

Phishing is the top digital crime for 2022, according to the FBI, with more than 300,000 victims in 2022. The Anti-Phishing Working Group shows that in the third quarter of 2022, the financial sector was the most affected by phishing campaigns, with 23% of financial institutions being targeted.

Phishing as a service massively hits the sector

According to Sekoia, the phishing-as-a-service model has been massively adopted in 2023. Phishing kits made of phishing pages impersonating different financial organizations are being offered to cybercriminals, in addition to kits made to usurp Microsoft and collect Microsoft 365 login credentials, which companies use for authenticating to various services.

One example of such a threat is NakedPages PhaaS, which supplies phishing pages for a wide range of targets, including financial companies. The threat actor handles licenses and regularly announces updates through its Telegram channel, which currently has about 3,500 members (Figure A).

Figure A

Example of an announcement on the NakedPages Telegram channel.

Image: Cedric Pernet/TechRepublic

Among all of the supplied phishing pages, the threat actor mentions the online accounting software QuickBooks, used by many organizations in the financial sector. The most active kits used for PhaaS over the previous year in addition to NakedPages are EvilProxy, Dadsec, Caffeine and Achievement, according to Sekoia’s researchers.

QR code phishing campaigns are on the rise

An increase in the number of QR code phishing, or quishing, campaigns has been observed by Sekoia. Quishing attacks consist of targeting users with QR codes to trick them into supplying their personal details, such as login credentials or financial information.

Sekoia assesses that QR code phishing will increase due to its “efficiency in averting detection and preventing e-mail security solutions.”

Quishing capabilities are part of the Dadsec OTT phishing-as-a-service platform, the most used kit in Q3 2023, according to Sekoia. It has been observed in several large-scale attack campaigns, impersonating banking companies in particular.

Another large quishing campaign targeted investment organizations through the Tycoon PhaaS kit. The quishing attack leveraged PDF and XLSX email attachments containing a QR code, ultimately leading to Microsoft 365 session cookie theft.

BEC campaigns evolve

Business email compromise campaigns have increased by 55% for the first 6 months of 2023.

While those attacks usually impersonated CEOs and high-level executives, they now also impersonate suppliers or business partners. One recent case has affected the financial sector with an advanced multi-stage adversary-in-the-middle phishing and BEC attack. The attack specifically targeted banking and financial services and originated from a compromised trusted supplier, showing an evolution in the BEC threat landscape.

Several supply chain threats

Open-source software supply chain attacks have seen a 200% increase from 2022 to 2023. As 94% of organizations in the financial sector use open-source components in their digital products or services, the sector can be affected by attacks leveraging compromises in the open-source software supply chain.

A striking example has been the Log4Shell vulnerability and its exploitation, which affected countless businesses worldwide for financial gain and espionage.

Supply chain attacks specifically targeting the banking sector have also been reported, showing that some threat actors are able to develop advanced attacks against the sector. As stated by Sekoia, “It is highly likely that advanced threat actors will continue clearly targeting the banking sector’s software application supply chain.”

Financial aggregators also appear as a new opportunity for threat actors to target the sector. According to Sekoia, those aggregators “are not sent to the same level of regulation as conventional banking entities and are supported by technologies with possible vulnerabilities.” The International Monetary Fund also states that “new technologies in financial services can likewise create brand-new risks” and that “APIs with poor security architecture might lead to leaks of potentially delicate data.”

An attack on one such aggregator called Dexible in February 2023 stands as an example. In that attack, a vulnerability allowed attackers to redirect users’ tokens to their own smart contracts before being withdrawn.

Financially oriented malware

Malware designed to collect financial data, including credit card information, banking credentials, cryptocurrency wallets and more sensitive data, has been around for many years already.

Mobile banking Trojans

A particular concern raised by Sekoia lies in the increasing number of mobile banking Trojans, which doubled in 2022 as compared to the previous year and continues to grow in 2023. Sekoia assesses that this is likely due to the increase in mobile devices being used for financial services and to the fact that this malware helps bypass two-factor authentication.

Spyware

Spyware, malicious code designed to collect keystrokes, credentials and more sensitive information, has increasingly been used in 2023 for bank fraud, according to Sekoia. One Android malware is SpyNote, which began targeting banking applications in addition to its previous functionalities.

Ransomware targets the financial sector heavily, which became the fourth-most impacted sector in the third quarter of 2023, with ransom demands varying from $180,000 USD to $40 million USD and having huge physical effects in some cases.

Sekoia reports an important change for known ransomware actors leveraging extortion impacting the financial sector, such as BianLian: They have moved to exfiltration-based extortion without any encryption of the victims’ systems and data. This move is likely done to avoid encryption problems at scale during mass compromise campaigns.

DeFi and blockchain bridges under attack

Decentralized finance, based on blockchain technology, also faces threat actors.

Cryptocurrencies are built on various blockchains, which are closed environments that cannot communicate with each other. To address this challenge, interoperability solutions have been developed, including cross-chain bridges and atomic swaps. These solutions rely on smart contracts, segments of code that execute token transfers based on the validation of specific conditions.

Attacks on DeFi companies primarily target their employees, who might be lured into providing their credentials to attackers or becoming compromised by malware. Once inside the organization’s network, the attackers are able to steal cryptocurrencies.

An example of a state-sponsored threat actor targeting DeFi and blockchain bridges is Lazarus. The North Korean threat actor has generated 10 times more money than other actors and mainly focuses on crypto asset market entities located in Asia and the U.S. rather than European traditional banking organizations. Three attacks targeting DeFi platforms have been attributed to Lazarus in 2023 against Atomic Wallet, Alphapo and CoinsPaid, in total generating the theft of $132 million USD.

Globally, a loss of $3.8 billion USD has been reported by blockchain company Chainalysis for 2022, with 64% of the loss coming from cross-chain bridge protocols.

A blurry line between cybercrime and state-sponsored espionage

Attacks can often be hard to attribute, especially when an attacker’s motivation is difficult to estimate. Some attacks targeting the financial sector are fully aimed at financial gain, but others may aim at cyberespionage.

Even more interesting is the fact that some threat actors disguise their operations as being financially oriented when they are in fact strategic operations with an espionage objective.

In 2022, Secureworks, a Dell Technologies company, published research on threat actor Bronze Starlight targeting companies with ransomware. Secureworks suggests that “the mix of victimology and the overlap with infrastructure and tooling associated with government-sponsored threat group activity indicate that BRONZE STARLIGHT might deploy ransomware to hide its cyberespionage activity.”

Another case exposed by Kaspersky sheds light on a cryptocurrency miner being a component of a more complex malware called StripedFly and related to the Equation malware.

Reduce cyber threat risks

The financial sector is vulnerable to numerous security threats. Phishing and BEC have been around for several years but have evolved in complexity to still affect the sector and keep up with new technologies. All employees working for financial organizations should be educated to detect phishing attempts or fraud that might target them. They should also have an easy way to report any suspicious activity to their IT department.

More indirect attacks are observed in the wild, as attackers have increasingly been targeting organizations by means of supply chain attacks. In particular, open-source software used in products or services should be carefully checked before being deployed.

Disclosure: I work for Trend Micro, but the views revealed in this post are mine.
