From heist to hijack, cybercriminals are moving on financial institutions

• Most financial institutions stated that Russia posed the greatest concern, as geopolitical tensions continue to escalate in cyberspace
• VMWare noticed that sophisticated cybercrime cartels have evolved beyond wire transfer fraud to target market strategies, take over brokerage accounts and island-hop into banks
• 63% of financial institutions admitted experiencing an increase in destructive attacks, while 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom

Each passing year, the number of cyberattacks skyrockets as campaigns become more sophisticated globally — even among (and maybe especially among) financial institutions. VMware Inc’s fifth annual Modern Bank Heists report highlighted that when it comes to the banking sector, cybercriminals have begun realizing that the most significant asset is nonpublic market information that can be used to fuel economic espionage.

That has also led to financial institutions facing increased destructive attacks and falling victim to ransomware more than in years past. “Sophisticated cybercrime cartels (have) evolved beyond wire transfer fraud to now target market strategies, take over brokerage accounts, and island-hop into banks,” VMware said.

From ransomware attacks to market manipulation, VMware’s findings make clear that today’s cybercrime cartels are more organized and destructive than ever before. The report also highlighted that 63% of financial institutions admitted experiencing an increase in destructive attacks, with cybercriminals leveraging this method as a means to burn evidence as part of a counter-incident response. 

“Additionally, 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom,” it added. Interestingly — but not surprisingly — when asked about the nation-state actors behind these attacks, the majority of financial institutions see Russia as the greatest concern, especially since geopolitical tensions continues to escalate in cyberspace over the invasion of Ukraine.

How destructive are the attacks against financial institutions?

VMware noticed that once cybercriminals gain access to a financial organization, they are no longer after wire transfers or access to capital, as traditionally assumed. Instead these cybercriminal cartels look for nonpublic market information, such as earnings estimates, public offerings, and significant transactions. 

In fact, 2 out of 3 (66%) financial institutions experienced attacks that targeted market strategies. “This modern market manipulation aligns with economic espionage and can be used to digitize insider trading,” VMware said in a release. Moreover, 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year. 

“The increase represents a new era of conspiracy where hijacking the digital transformation of a financial institution via island hopping to attack its constituents has become the ultimate attack outcome,” it added. Almost all organizations surveyed (83%) are actually concerned with the security of cryptocurrency exchanges since successful attacks can be immediately and directly turned into cyber cash. 

The US Secret Service former assistant director Jeremy Sheridan has himself seen an evolution and increase in complex cyber-enabled fraud. “The proliferation of digital money payment systems has created a global, instantaneous, and pseudo-anonymous means to facilitate their actions. All of these factors have facilitated the maturation of a cybercriminal ecosystem that has not been sufficiently suppressed. We see these trends continuing into the future and utilizing greater anonymizing techniques such as peer-to-peer networks, privacy coins, encrypted communications, and darknet marketplaces to further expand cybercrime capabilities and reach.”

To counter that, the majority of financial institutions surveyed plan to increase their budget by 20-30% this year, VMware data shows. Top investment priorities include extended detection and response (XDR), workload security, and mobile security