Not all industries are equally susceptible to cybercrime. Malicious hackers are more likely to target certain sectors than others because of the potential gains from ransomware, phishing, credential stuffing, and distributed denial-of-service (DDoS) attacks. The private data that cyber criminals obtain from their crimes can be extremely valuable to them. Those committing cybercrime range from state-sponsored actors to organized crime groups to lone hackers.
One of the industries most vulnerable to cybercrimes is finance. A report by the Finnish security firm F-Secure has highlighted the key reasons for this trend. They fall under three categories: data theft, data integrity and sabotage, and direct financial theft.
Data Theft
State-sponsored threat actors and other cyber criminals have multiple reasons for stealing data from financial institutions. Let’s explore some of these:
- State-sponsored attackers may look to help organizations within their own nation-state act more competitively against rivals in a deal by accessing the negotiation stances of those rivals.
- Cyber criminals often try to obtain data about unpublished price sensitive information (UPSI) to assist them in their insider trading schemes.
- State-sponsored actors may want to monitor international transactions in order to track specific persons of interest.
- Secret or embarrassing customer expenditures can be opportunities for cyber criminals to engage in blackmail.
- Hackers can use their in-depth knowledge of customers’ spending habits to craft phishing campaigns that have a greater chance of success.
- Stolen data may include details that enable cyber criminals to steal funds from customers’ bank accounts.
- Cyber criminals can threaten to publish stolen data unless a ransom is paid.
- It’s possible to sell stolen data on the dark web.
- Stolen data can be used to commit identity fraud.
Data Integrity and Sabotage
Sabotage involves the disruption or destruction of financial systems. It is a popular method of extortion that cyber criminals utilize. Ransomware and DDoS attacks are commonly involved in this type of cybercrime.
Politically motivated attacks may target crucial systems like trading computers or client portals. Sabotaging them can lead to financial and reputational damage costing hundreds of millions of dollars.
From the perspective of a nation-state, the risk of a cybercrime that would sabotage financial systems is complex. The risk depends on the geopolitical relations between that nation-state and the rival country that would be the target. Usually, these kinds of state-sponsored attacks only occur when the relationship between two governments is strained.
One prominent example is the ongoing conflict between Russia and Ukraine, set in motion by Russia’s annexation of Crimea in 2014. Since then, Russian hackers have targeted various bodies that are critical to Ukraine’s national infrastructure, including banks. These hackers have deleted important files and made systems permanently unusable.
Another notable example of this type of cybercrime can be seen in the conflict between North Korea and South Korea. In March 2013, when tensions between the two countries were at an all-time high, North Korea launched a coordinated cyber attack against organizations in South Korea, resulting in the destruction of tens of thousands of computers belonging to several banks and broadcasters.
Direct Financial Theft
Banks are prime targets for cybercrime because threat actors could potentially steal tens of millions of dollars in a single attack. North Korea has attacked banks all over the world, and the techniques that these state-sponsored actors have used have been adopted by organized crime groups. These methods include:
- SWIFT attacks. Cyber criminals will compromise a bank’s SWIFT payment operators, steal their credentials, and then send fraudulent transfer requests using the SWIFT messaging system. Then, when confirmation messages of these transfers are sent back to the compromised bank, the hacker’s malware intercepts them and deletes them. The illegally transferred funds can then be withdrawn from the attackers’ accounts.
- Payment switch application compromise. Whenever someone withdraws money from an ATM, a request is sent to the customer’s bank. A payment switch application – which manages communications between different entities – handles this request, carries out some checks (e.g. whether the customer has the necessary funds in their account), and sends a confirmation or rejection message. Hackers compromise payment switch applications, intercepting ATM requests with malware, which automatically authorizes their requests. The ATM then releases unlimited cash.
- “ATM jackpotting”. This is when a cyber criminal directly installs malware onto an ATM, allowing them to remotely instruct the ATM to release cash when a money mule is present. ATM jackpotting has tended to occur in developing countries but there has been a rise in this cybercrime tactic in the US as well.
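Because the SWIFT scheme described above depends on confirmation messages being deleted on the bank's own systems, a defender can reconcile local records against a statement obtained independently from the correspondent bank. The following is an added example, not code from the original article or the F-Secure report; the record layout, reference format, finding names, and the availability of an out-of-band statement are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    ref: str          # payment reference (constructed format, assumption)
    amount: int       # minor currency units
    beneficiary: str

def reconcile(sent_log, local_confirmations, correspondent_statement):
    """Compare an independently obtained statement with local records.

    Returns (ref, finding) tuples for every statement entry that the
    bank's own systems cannot fully account for.
    """
    sent = {t.ref: t for t in sent_log}
    confirmed = set(local_confirmations)
    findings = []
    for entry in correspondent_statement:
        local = sent.get(entry.ref)
        if local is None:
            # Funds moved, but there is no local record of the request.
            findings.append((entry.ref, "not_in_local_sent_log"))
        elif (local.amount, local.beneficiary) != (entry.amount, entry.beneficiary):
            # Local record exists but disagrees with what was executed.
            findings.append((entry.ref, "details_differ"))
        elif entry.ref not in confirmed:
            # Request exists, but its confirmation never reached local storage.
            findings.append((entry.ref, "confirmation_missing_locally"))
    return findings

# Constructed sample data, not taken from any real incident.
SENT_LOG = [
    Transfer("TX1001", 250_000, "ACME-SUPPLY"),
    Transfer("TX1002", 9_000_000, "UNKNOWN-LLC"),
]
LOCAL_CONFIRMATIONS = ["TX1001"]
STATEMENT = [
    Transfer("TX1001", 250_000, "ACME-SUPPLY"),
    Transfer("TX1002", 9_000_000, "UNKNOWN-LLC"),
    Transfer("TX1003", 4_500_000, "SHELL-CO"),
]

def run_sample():
    return reconcile(SENT_LOG, LOCAL_CONFIRMATIONS, STATEMENT)

if __name__ == "__main__":
    for ref, finding in run_sample():
        print(ref, finding)
```
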
How Cybercrime Impacts the Financial Sector
Regardless of why finance is such a rich cybercrime target, when such an attack occurs, the consequences can be devastating. The costs include:
- Direct financial loss
- Network downtime and lost productivity
- A loss of reputation and competitiveness
- Breach containment and remediation
- Damage control or recovery
- Newly required spending on security hardware, software, and services
- Data recovery expenses
- Incremental hiring
To avoid or mitigate these costs, it’s critical for any organization in the financial sector to combat cybercrime. Some possible strategies include the utilization of AI mitigation measures or engaging the services of a managed services provider (MSP) to help secure your systems from outside intrusion.